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ON THE TENSOR RANK OF MULTIPLICATION IN FINITE 

FIELDS 

S. BALLET, J. CHAUMINE, J. PIELTANT, AND R. HOLLAND 



Abstract. In this paper, we give a survey of the known results concern- 
ing the tensor rank of the multiplication in finite fields and we establish new 
3 ^ asymptotical and not asymptotical upper bounds about it. 



1. Introduction 



Several objects constitute the aim of this paper. First, it is a question of in- 
troducing the problem of the tensor rank of the multiplication in finite fields and 
(-H I of giving a statement of the results obtained in this part of algebraic complexity 

theory for which the best general reference is [T7]. In particular, one of the aims 
of this paper is to list exhaustively the few published mistaken statements and to 
explain them. In the second part, we repair and clarify certain of these statements. 
Last but not least, we improve several known results. In this section we introduce 
CNJ ■ the problem, we set up notation and terminology and we present the organization 

P* I of this paper as well as the new obtained results. 

OO . 1.1. The bilinear complexity of the multiplication. Let ¥q be a finite field 

with q — p'' elements where p is a prime number. Let F^n be a degree n extension 
of Fq. The multiplication m in the finite field Fgr. is a bilinear map from F^i. x F^i. 
C^^ ' into Fqi. , thus it corresponds to a linear map M from the tensor product F^i. (^ F^ij 

O , into Fq- . One can also represent M by a tensor t^ S F*„ (g) F*„ F^r. where F*„ 

denotes the algebraic dual of F„re . Each decomposition 



(1) tM = Y.<®^*^ 

3 , of the tensor Im , where a* , b* e F*„ and Ci G F^n , brings forth a multiplication 

algorithm 

k 

x.y = tM{x®y) = ^a*(a;) ® b*{x) ® a. 

1=1 

The bilinear complexity of the multiplication in F^n over F^, denoted by fJ-q{n), 

is the minimum number of summands in the decomposition ([TJ . Alternatively, we 

can say that the bilinear complexity of the multiplication is the rank of the tensor 

tM (cf. ES], m). 

1.2. Organization of the paper. In Section 2, we present the classical results 
via the approach using the multiplication by polynomial interpolation. In section 3, 
we give an historical record of results resulting from the pioneer works due to D.V. 
and G.V. Chudnovky PU] and later Shparlinski, Tsfasman and Vladut in [25|. In 
particular in Subsection 3.1, we present the original algorithm as well as the most 

1 



2 S. BALLET, J. CHAUMINE, J. PIELTANT, AND R. HOLLAND 

successful version of the algorithm of Chudnovsky type at the present time. This 
modern approach uses the interpolation over algebraic curves defined over finite 
fields. This approach, which we recount the first success as well as the rocks on 
which the pionners came to grief, enables to end at a first complete proof of the 
linearity of the bilinear complexity of multiplication [3]. Then, in Subsection 3.2, 
we recall the known results about the bilinear complexity fJ.q{n). Finally, in Section 
4, we give new results for fJ.q{n). More precisely, we obtain new upper bounds for 
IJ-q{n) as well as new asymptotical upper bounds. 

2. Old classical results 
Let 



p{u)^j2' 



4=0 

be a monic irreducible polynomial of degree n with coefficients in a field F. Let 

n-l 

R{u) ^ ^ XiU^ 
and 

n-l 
i=0 

be two polynomials of degree < n — 1 where the coefficients Xi and y^ are indeter- 
minates. 

Fiduccia and Zalcstein (cf. [22], [17] p. 367 prop. 14.47) have studied the general 
problem of computing the coefficients of the product R(u) x S{u) and they have 
shown that at least 2n — 1 multiplications are needed. When the field F is infinite, 
an algorithm reaching exactly this bound was previously given by Toom in |32| . 
Winograd described in t34j all the algorithms reaching the bound 2n — 1. More- 
over. Winograd proved in [35] that up to some transformations every algorithm for 
computing the coefficients of R{u) x S{u) mod P{u) which is of bilinear complexity 
2n — 1, necessarily computes the coefficients of R{u) x S{u), and consequently uses 
one of the algorithms described in [M] • These algorithms use interpolation technics 
and cannot be performed if the cardinality of the field F is < 2n — 2. In conclusion 
we have the following result: 

Theorem 2.1. If the cardinality of F is < 2n — 2, every algorithm computing the 
coefficients of R{u) x S{u) mod P{u) has a bilinear complexity > 2ri — 1. 

Applying the results of Winograd and De Groote [53] and Theorem 12.11 to the 
multiplication in a finite extension Fgn of a finite field F^ we obtain: 

Theorem 2.2. The bilinear complexity fJ-q{n) of the multiplication in the finite field 
¥qn over ¥q verifies 

Hq{n) >2n~l, 
with equality holding if and only if 

This result does not give any estimate of an upper bound for fJ-q{n), when n is 
large. In |27| . Lempel, Seroussi and Winograd proved that fJ-q(n) has a quasi-linear 
upper bound. More precisely: 



Theorem 2.3. The bilinear complexity of the multiplication in the finite field F^i. 
over ¥q verifies: 

M<j(") < fqin)n, 
where fq{n) is a very slowly growing function, namely 

fq{n) = 0(logg log, • • • logq(n)) 
^ « ' 

k times 

for any k > 1. 

Furthermore, extending and using more efficiently tfie teclinique developed in 
|16| . Bshouty and Kaminski showed that 

f-qin) > Sn — o{n) 

for q > 3. The proof of the above lower bound on the complexity of straight-line 
algorithms for polynomial multiplication is based on the analysis of Hankel matrices 
representing bilinear forms defined by linear combinations of the coefhcients of the 
polynomial product. 

3. The modern approach via algebraic curves 

We have seen in the previous section that if the number of points of the ground 
field is too low, we cannot perform the multiplication by the Winograd interpo- 
lation method. D.V. and G.V. Chudnowsky have designed in [20] an algorithm 
where the interpolation is done on points of an algebraic curve over the groundficld 
with a sufficient number of rational points. Using this algorithm, D.V. and G.V. 
Chudnovsky claimed that the bilinear complexity of the multiplication in finite ex- 
tensions of a finite field is asymptotically linear but later Shparlinski, Tsfasman and 
Vladut in f5S] noted that they only proved that the quantity niq = lim inf fc_j.oo ^^ 
is bounded which do not enable to prove the linearity. To prove the linearity, it is 
also necessary to prove that Mq = lim supj,_^o2 fc"^ i^ bounded which is the main 
aim of their paper. However, I. Cascudo, R. Cramer and C. Xing recently detected 
a mistake in the proof of Shparlinski, Tsfasman and Vladut. Unfortunately, this 
mistake that we will explain in details in this section, also had an effect on their 
improved estimations of ruq. After the above pioneer research, S. Ballet obtained in 
[3| the first upper bounds uniformly with respect to q for fJ.q{n). These bounds not 
being affected by the same mistake enable at the same time to prove the linearity 
of the bilinear complexity of the multiplication in finite extensions of a finite field. 
Then, S. Ballet and al. obtained several improvements which will be recalled at the 
end of this section. 

3.1. Linearity of the bilinear complexity of the multiplication. 

3.1.1. The D.V. Chudnovsky and G.V. Chudnovsky algorithm. In this section, we 
recall the brilliant idea of D.V. Chudnovsky and G.V. Chudnovsky and give their 
main result. First, we present the original algorithm of D.V. Chudnovsky and G.V. 
Chudnovsky, which was established in 1987 in [20] . 

Theorem 3.1. Let 

• F/¥q be an algebraic function field, 

• Q be a degree n place of F/¥q, 



• V be a divisor of F/¥ 



1' 
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u V = {Pi, •••, Pn} be a set of places of degree 1. 

We suppose that Q, Pi, • • • , Pn are not in the support ofD and that: 

a) The evaluation map 

EvQ : C{V) ^ F,,. ~ Fq 

is onto (where Fq is the residue class field of Q), 
h) the application 



Evv ■■ { . ' ,%, 



C{2V) -^ F^ 

/ ^ (/(Pi),...,/(P^)) 

is injective. 
Then 

l^q{n) < N. 

As pointed in [29], using this algorithm with a suitable sequence of algebraic 
curves defined over a finite field Fg, D.V. Chudnovsky and G.V. Chudnovsky only 
proved the following result: 

Theorem 3.2. Let q he a square > 25. Then 



m,infM!)<2('l + ^_') 



Indeed, in their proof, they only use the existence of a family of curves reaching 
the Drinfeld-Vladut bound A(q), which is an upper limit and it only enables to 
obtain a lower limit for ^''^' . 

3.1.2. Asymptotic bounds. As seen previously, Shparlinski, Tsfasman, Vladut have 
given in [29J many interesting remarks on the algorithm of D.V. and G.V. Chud- 
novsky and the bilinear complexity. In particular, they have considered asymptotic 
bounds for the bilinear complexity in order to prove the asymptotic linearity of 
this complexity from the algorithm of D.V. and G.V. Chudnovsky. Following these 
authors, let us define 

M, -hmsup^^ 
and 



TO, 



= lim inf ■ 



fc-i-oo k 

It is not at all obvious that either of these values is finite but anyway the bilinear 
complexity of multiplication can be considered as asymptotically linear in the degree 
of extension if and only if the quantity Mq is finite. First, let us recall a very useful 
Lemma due to D.V. and G.V. Chudnovsky [50] and Shparlinski, Tsfasman, Vladut 
[29l Lemma 1.2 and Corollary 1.3]. 

Lemma 3.3. For any prime power q and for all the positive integers n and m, we 
have 

tiq{m) < Hq{mn) < ^iq{n).^j,q^{m) 

ruq < mq^.fj,q{n)/n 

Mq<Mq,^.^lq{n). 



Now, let us summarize the known estimates concerning these quantities, namely 
the lower bound of m2 obtained by R. Brockett, M. Brown and D. Dobkin in [T4] 
[15] and the lower bound of niq for q > 2 given by Shparlinski, Tsfasman and Vladut 
inL29j. 

Proposition 3.4. 

TO2 > 3.52 
and 

m„ > 2 1 H I for any q > 2. 

Note that all the upper bounds of Mq and niq for any q given by Shparlinski, 
Tsfasman and Vladut in [221 are not proved. Indeed, in [5^, they claim that for 
any q (in particular for g = 2), niq and overall Mq are finite but I. Cascudo, R. 
Cramer and C. Xing recently communicated us the existence of a gap in the proof 
established by I. Shparlinsky, M. Tsfasman and S. Vladut: "the mistake in [29] 
from, 1992 is in the proof of their Lemma 3.3, page 161, the paragraph following 
formulas about the degrees of the divisor. It reads: "Thus the number of hnear 
equivalence classes of degree a for which either Condition a or Condition j3 fails is 
at most Di,i + Di,. " This is incorrect; Di, should be multiplied by the torsion. Hence 
the proof of their asympotic bound is incorrect. " 
Let us explain this gap in next section. 

3.1.3. Gap in the proof of the asymptotic linearity. We settle the following elements 

(1) a place of degree n denoted by Q; 

(2) 2n + g — 1 places of degree 1 : Pi, • • • , P2n+g-i- 
We look for a divisor D such that: 

(1) deg(D) = n + g-l; 

(2) dim{jr{D - Qj) = 0; 

(3) dim(£(2D - (Pi + P2 + • • • + P2n+g-l))) = 0. 

The results concerning Mq et ruq obtained in the paper [53] depend on the 
existence of such a divisor D. 

Let us remark that these conditions only depend on the class of a divisor (the 
dimension of a divisor, the degree of a divisor are invariant in a same class). Conse- 
quently, we can work on classes and show the existence of a class [D] which answers 
the question. 

Let Jn+g-i be the set of classes of degree n + g — 1 divisors. We know from 
F. K. Schmidt Theorem that there exists a divisor Dq of degree n + g — 1. The 
application ipn+g-i from Jn+g-i into the Jacobian Jq defined by 

^n+g-lim = [D ^ Do] 

is a bijection from Jn+g-i into Jq. All the sets Jk have the same number h of 
elements {h is called the number of classes). 

Let u be the application from Jn+g-i into Jg-i defined by u([Z)]) = [D — Q]. 
This application is bijective. Thus if we set 

Hn+g-l - {[D] e Jn+g-l I AlTn{[D - Q] ) = 0}, 

and 

A'g_i = {[A]e Jg-i I dim([A]) = 0}, 
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we have 

Kg-l = u{Hn+g-l), 

and then 

#Hn + g~l = #Kg_l. 

Let us note that if [A] is an element of Jg-i which is in the complementary of 
Kg^i namely dim([A]) > 0, then there exists in the class [A] at least an effective 
divisor (there exists a x such that A + (x) > 0) . Moreover effective divisors in dif- 
ferent classes are different. So the complementary of Kg^i in Jg-i has a cardinality 
< Ag_i where Ag_i is the number of effective divisors of degree g — 1. Then the 
cardinality of Kg^i verifies the inequality 

Let us remark that classes which belong to Hn+g-i are the only ones which can 
solve our problem. But they also have to verify the additional condition 

dim(2i^ - (Pi + P2 + • • • + P2n+g-l)) - 0. 

We would like to use a combinatorial proof as for the first condition. 

So we have to consider the application v from H„+g-i to Jg-i defined by 

vi[D]) ^[2D-{P,+P2 + ---+ P2n+g-l)]- 

Unfortunately the application [D] i— > [2D] is not necessarily injective. This is related 
to 2-torsion points of the Jacobian. The fact that the application v is not injective 
does not allow us to conclude that there exists an image "big" enough and use a 
combinatorial argument like in the first part. 

3.2. Known results about the bilinear complexity fJ.q{n). 

3.2.1. Extensions of the Chudnovsky algorithm. In order to obtain good estimates 
for the bilinear complexity, S. Ballet has given in [3] some easy to verify conditions 
allowing the use of the D.V. and G.V. Chudnovsky algorithm. Then S. Ballet and 
R. RoUand have generalized in [T3] the algorithm using places of degree 1 and 2. 

Let us present the last version of this algorithm, which is a generalization of the 
algorithm of type Chudnovsky introduced by N. Arnaud in [1] and M. Cenk and F. 
Ozbudak in [19]. This generalization uses several coefficients in the local expansion 
at each place Pi instead of just the first one. Due to the way to obtain the local 
expansion of a product from the local expansion of each term, the bound for the 
bilinear complexity involves the complexity notion Mq{u) introduced by M. Cenk 
and F. Ozbudak in [19J and defined as follows: 

Definition 3.5. We denote by Mq{u) the minimum number of multiplications 
needed in ¥q in order to obtain coefficients of the product of two arbitrary u-term 
polynomials modulo x" in Fg [x\ . 

For instance, we know that for all prime powers q, we have Mq{2) < 3 by |18) . 

Now we introduce the generalized algorithm of type Chudnovsky described in |19| . 

Theorem 3.6. Let 

• q be a prime power, 

• F/¥q be an algebraic function field, 

• Q be a degree n place of F/¥q, 



• V be a divisor of F/¥q, 

m V = {Pi, ■ ■ ■ , Pn} be a set of N places of arbitrary degree, 

• ui, . . . , UN be positive integers. 

We suppose that Q and all the places in V are not in the support of T) and that: 
a) the map 



Eve 



C{V) ^ Fg. ~ Fq 



f ^ f{Q) 
is onto, 
b) the map 

r £(21?) -^ (F^do^Pi)"^ X (F,do,P,)"' X ••• X (F^dc,P„)"" 

"■l / ^ (^i(/),^2(/),...,(^^(/)) 

is injective, where the application ipi is defined by 
. r £(2I?) ^ (F,.c.pO" 

^^'l / ^ {f{n)J'{p,),...,f(-^-'\p,)) 

with f = f{Pi) + f'{Pi)t, + f"{P^)tf + ... + f''''^Pi)t'l + ..., the local expansion 
at Pi of f in C(2V), with respect to the local parameter ti. Note that we set 
/'"' = /.' 
Then 

N 

l^q{n) < ^Hq{degP,)MgdasPi{ui). 

Let us remark that the algorithm given in [20J by D.V. and G.V. Chudnovsky is 
the case degP,; — 1 and u^ = 1 for i = 1, . . . , A^. The first generahzation introduced 
by S. Ballet and R. Rolland in [f3j concerns the case degP^ = 1 or 2 and Ui = 1 for 
i = 1, . . . ,N. Next, the generalization introduced by N. Arnaud in [1] concerns the 
case deg P^ = 1 or 2 and u^ = 1 or 2 for i = f , . . . , A^. However, note that the work 
of N. Arnaud has never been published and contains few mistakes (mentioned below) 
which will be repared in this paper. Finally, the last generalization introduced by 
M. Cenk and F. Ozbudak in [12] is useful: it allows us to use certain places of 
arbitrary degree many times, thus less places of fixed degree are necessary to get 
the injectivity of Ev-p . 

In particular, we have the following result, obtained by N. Arnaud in [1]. 

Corollary 3.7. Let 

• q be a prime power, 

• F/¥q be an algebraic function field, 

• Q be a degree n place of F/¥q, 

• D be a divisor of F/¥q, 

• V ^ {Pi, . . . ,Pni,Pni+i, ■ ■ ■ , Pni+N2} be a set of Ni places of degree 
one and N2 places of degree two, 

• < /i < A^i and < I2 l£ N2 be two integers. 

We suppose that Q and all the places in V are not in the support of T) and that: 
a) the map 

EvQ -.CiV)^ Fg. ~ Fq 
is onto, 
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^ (/(Pi),...,/(K),/'(A),---,/'(^h), 



«s injective. 
Then 



fig{n) < Ni + 2li + 3N2 + 6I2 



Moreover, from the last corollary applied on Garcia-Stichteiioth towers, N. Ar- 
naud obtained in ^ the two following bounds: 

Theorem 3.8. Let q = p^ be a prime power. 

(i) Ifq>4, then /i,^ (n) < 2 (^1 + -^-^— ^^^— ^ j n, 

(i^) Ifq > 16, then ^l,{n) <i[l + -^-^^-^iL___ j „. 

We will give a proof of Bound (i) together with an improvement of Bound (ii) in 
Section 14.41 In that section, we will also prove two revised bounds for /ip2 (n) and 
fip{n) given by Arnaud in [IJ. Indeed, Arnaud gives the two following bounds with 
no detailed calculation: 



(iii) If p > 5 is a prime, then /ip2 (n) < 2 ( 1 + -^ j n, 

(iv) If p > 5 is a prime, then fJ.p{n) < 3 1 1 H — ^ ) n. 

In fact, one can check that the denominators p~ 1 and p~ 2 are slightly overestimated 
under Arnaud's hypotheses. 

From the results of [3 and the previous algorithm, we obtain (cf. [3], |13j): 

Theorem 3.9. Let q be a prime power and let n be an integer > 1. Let F/¥q be 
an algebraic function field of genus g and Nk the number of places of degree k in 
F/¥q. If F/¥q IS such that 2.g + 1 < q^ (g^ - 1) then: 

1) if Ni>2n + 2g- 2, then 

pLq{n) <2n + g—l, 

2) if there exists a non-special divisor of degree g — 1 and Ni + 2N2 > 2n + 2g — 2, 
then 

fiq{n) < 3n + 3g, 

3) if Ni + 2N2 > 2n + Ag-2, then 

fJ-qin) < 3?1 + 65. 

3.2.2. Known upper bounds for fJ-q{n). From "good" towers of algebraic functions 
fields satisfying Theorem 13. 9[ it was proved in |3, [S], [HIj HH, [S| and (H]: 

Theorem 3.10. Let q ^ p^ a power of the prime p. The bilinear complexity piq{n) 
of multiplication in any finite field F^n is linear with respect to the extension degree, 
more precisely: 

Hq{n) < CqU 



where Cq is the constant defined by: 

ifq^2 then 22 

else if q = Z then 27 



else if q — p > 5 then 3 ( 1 H — ^ 



else ifq=p^>2h then 2^1 + ^] 
else ifq= p^'' > 16 then 2 ( 1 + 
else if q > 4: 



c, = <! 



?-3+(p-l)(l-^) 



then 6(1 + ^ 



else if q > 16 



then 3 1 + 



2p 



g-3+2(p-l)(l-^) 



[12] and [in] 

E] 

m 
m 

m 

m 



Note that the new estimate for the constant C2 comes from two recent improve- 
ments. First, one knows from Table 1 in [T5] that ^JL2{n) < 22n for 2 < n < 7 since 
f^2{n) < 22 for such integers n. Moreover, applying the bomid iJ,2{n) < -^n + 



45 



n < 22n for n > 8. Note also that 



obtained in [T^], one gets p.2{n) < ( ^ + 2375 
the upper bounds obtained in [S] and [7] are obtained by using the mistaken state- 
ments of I. Shparlinsky, M. Tsfasman and S. Vladut [5^ mentioned in the above 
section 13.1.31 Consequently, these bounds are not proved and unfortunatly they 
can not be repaired easily. However, certain not yet published results recently due 
to H. Randriambololona concerning the geometry of Riemann-Roch spaces might 
enable to repair them in certain cases. 

3.2.3. Some exact values for the bilinear complexity. Applying the D.V. and G.V. 
Chudnovsky algorithm with well fitted elliptic curves, ShokroUahi has shown in |28) 
that: 

Theorem 3.11. The bilinear complexity Pq{n) of the multiplication in the finite 
extention Fgn of the finite field ¥q is equal to 2n for 



(2) 



-q + l<n<-{q + l + eiq)) 



where e is the function defined by 



the greatest integer < 2y/q prime to q, if q is not a perfect square 
2v^i if q is a perfect square. 

We still do not know if the converse is true. More precisely the question is: 
suppose that Hq{n) = 2n, are the inequalities ([2]) true? 

However, for computational use, it is helpful to keep in mind some particu- 
lar exact values for /ig(n), such as fiq{2) = 3 for any prime power q, /i2(4) = 9, 
/i4(4) = M5(4) = 8 or ^^2(2*^) = 15 [20J. 
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4. New results for ^J,q{n) 

4.1. Towers of algebraic function fields. In this section, we introduce some 
towers of algebraic function fields. Theorem 13.91 applied to the algebraic function 
fields of these towers gives us bounds for the bilinear complexity. A given curve 
cannot permit to multiply in every extension of Fq, just for n lower than some 
value. With a tower of function fields we can adapt the curve to the degree of 
the extension. The important point to note here is that in order to obtain a well 
adapted curve it will be desirable to have a tower for which the quotients of two 
consecutive genus are as small as possible, namely a "dense" tower. 

For any algebraic function field F/¥q defined over the finite field F^, we denote 
by g{F/¥q) the genus of F/¥q and by Nk{F/¥q) the number of places of degree k 
in F/¥g. 

4.1.1. Garcia- Stichtenoth tower of Artin-Schreier algebraic function field exten- 
sions. We present now a modified Garcia-Stichtenoth's tower (cf. [23], [5], |13| ) 
having good properties. Let us consider a finite field Fg2 with q = p^ > 5 and r an 
odd integer. Let us consider the Garcia-Stichtenoth's elementary abelian tower Ti 
over ¥q2 constructed in [23J and defined by the sequence {Fq, Fi, F2, . . .) where 

^fe+i := Fk{zk+i) 
and Zfc+i satisfies the equation: 

q I q+1 

with 

Xk ■= Zk/xk-i in Fkifor fc > 1). 
Moreover Fq :— Fq2(a;o) is the rational function field over ¥^2 and Fi the Hermitian 
function field over ¥^2 . Let us denote by gk the genus of Fk , we recall the following 
ioimulae: 

,. \ q^ + q^^'^ - q^ - 2q^ + 1 if fc = 1 mod 2, 

^' ^''~\q^ + q''-^-\qi+^-^qi-qi-^ + l if fc = mod 2. 

Let us consider the completed Garcia-Stichtenoth tower 

T2 ~ Fofl C Fo_i C . . . C Fo^r Q Fi^o C Fij C . . . C Fi^r ■ ■ ■ 

considered in [5 such that Fk C Fk^s ^ -Ffc+i for any integer s e {0, . . . ,r}, with 
Fkfl = Fk and Fk^r = Fk+i- Recall that each extension Fk^s/Fk is Galois of degree 
p^ with full constant field Fg2 . Now, we consider the tower studied in [13] 

^3 = Go.o ^ Go,! C . . . C Go^r ^ Gi ^ Gi^i C . . . C Gi^r ■ ■ ■ 

defined over the constant field F^ and related to the tower T2 by 

Fk.s — Fq2 Gfe.s for all fc and s, 

namely ¥k,s/¥q2 is the constant field extension of Gk,s/¥q. Note that the tower T3 
is well defined by [T3] and [TT]. Moreover, we have the following result: 

Proposition 4.1. Let q — p^ > A be a prime power. For all integers fc > 1 and 
s e {0, . . . ,r}, there exists a step Fk^s/¥q2 (respectively Gk,s/¥q) with genus gk,s 
and Nk,s places of degree 1 in Fk,s/¥q2 (respectively Nk^s places of degree 1 and 2 
in Gk,s/¥q with places of degree 2 being counted twice) such that: 
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(1) Fk C Fk^s Q Fk+i, where we set Fkfi = Fk and Fk^r = Fk+i, 
(respectively Gk C Gk,s ^ Gk+i, where we set Gk,o = Gk and Gk,r = Gk+i), 

(2) \gk - l)p' + 1 < gk,s < fl±^ + 1, 

(3) iVfe,3>(g2-l)gfe-V. 

4.1.2. Garcia- Stichtenoth tower of Kummer function field extensions. In this sec- 
tion we present a Garcia-Stichtenoth's tower (cf. [9]) having good properties. Let 
¥q be a finite field of characteristic p > 3. Let us consider the tower T over Fg 
which is defined recursively by the following equation, studied in |24) : 

2 X^ + 1 

y =^^- 

The tower T/¥q is represented by the sequence of function fields {Hq. Hi,H2, ■■■) 
where _ff„ = ¥q{xo,xi, ...,a;„) and xf^i = {xf + l)/2xi holds for each z > 0. Note 
that Hq is the rational function field. For any prime number p > 3, the tower 
T/Fp2 is asymptotically optimal over the field Fp2, i.e. T/¥p2 reaches the Drinfeld- 
Vladut bound. Moreover, for any integer fc, Hk/¥p2 is the constant field extension 
of-fffc/Fp. 

From [9|, we know that the genus g{Hk) of the step Hk is given by: 

,., ,„ , f 2*^+1 -3-24 +1 iffc = mod 2, 

^^^ ffl^'c)^! 2^+1-2.2^ + 1 iffc^l mod2. 

and that the following bounds hold for the number of rational places in Hk over 
Fp2 and for the number of places of degree 1 and 2 over Fpi 

(5) 7Vi(i?fe/Fp2)>2'=+i(p-l) 
and 

(6) Ni{Hk/W.p) + 2N2{Hk/¥.p) > 2''+\p~l). 

From the existence of this tower, we can obtain the following proposition [9]: 

Proposition 4.2. Let p he a prime number > 5. Then for any integer n > 
i(p + 1 + e{p)) where e{p) is defined as in Theorem \S.ll[ 

1) there exists an algebraic function field Hk/¥p2 of genus g{Hk/¥p2) such that 
2g[Hk/¥p2) + 1 < p"-i(p - 1) and N^{Hk/¥p2) > 2n + 2g{Hk/¥p2) ~ 2, 

2) there exists an algebraic function field Hk/¥p of genus g{Hk/¥p) such that 
2g{Hk/¥p)+l < p^ip^-1) andNi{Hkl¥p) + 2N2{Hk/¥p) > 2n + 2g{Hk/¥p) - 
and containing a non-special divisor of degree g{Hk/¥p) — 1. 

4.2. Some preliminary results. Here we establish some technical results about 
genus and number of places of each step of the towers r2/Fg2, Ta/Fg, T/¥p2 and 
T/¥p defined in Section HTTl These results will allow us to determine a suitable step 
of the tower to apply the algorithm on. 

4.2.1. About the Garcia-Stichtenoth's tower. In this section, q :— p^ is a power of 
the prime p. 

Lemma 4.3. Let q > 3. We have the following bounds for the genus of each step 
of the towers T'2/Fg2 and Ta/Fg/ 

^) 9k > q^ for all k> A, 

a) gk <g''"H'7 + i) - V^Q^ , 
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m) gk.s < <1^^^{<1 + l)p'' for all k > and s = 0, . . . ,r, 
iv) gk.s < '?''('?+i^;_'?7('?-i) for allk>2 ands = 0,...,r. 

Proof, i) According to Formula ^, we know that if A; = 1 mod 2, then 

gk = q +q ^ -q-^ - 2g^ + I = q'^ + q^^ {q^^ -q-2) + l. 

Since g > 3 and fc > 4, we have q~^i~ — (7 — 2 > 0, thus g^ > q^ . 
Else if fc = mod 2, then 

9k^q +q -l^q^^ -l^q^ -q^ ^ + l = q''+q'' \q^ - l^q' ~ l^q-l) + l■ 
S\n.ce q > 3 and /c > 4, we have (72- — Ig^ _ |g _ j^ -> q^ ^j^^g ^^^ > qk^ 

ii) It follows from Formula ^ since for all fc > 1 we have 2q~^^ > 1 which works 
out for odd k cases and |g2 + (72^1 > l which works out for even k cases, since 

\q>^/q- 

Hi) If s = r, then according to Formula Q, we have 

gk,s - 9k+l < g^'+' + q^ = q^'\q + l)p" ■ 

Else, s < r and Proposition 14.11 says that gk.s < %^ + 1- Moreover, since g^" > q 

and \q~^ ^^ > 9, we obtain gk+i < q''^^ + q'^ — q + I from Formula ([3]). Thus, we 
get 

gfc+l+gfc-g+1 

ffM < —, + 1 

= q'^-^q + l)p' - f + p'-' + 1 

< q^'-^q + l)p' + p'-'^ 

< q''-^{q + l)p' since < p""'' < 1 and gfc,s e N. 

iv) It follows from ii) since Proposition 14.11 gives gk^s < %^ + 1, so 



gk,s < -^—^ — r-s '^ h 1 which gives the result since p*"^*^ < ga for all fc > 2. D 

Lemma 4.4. Let q > 3 and k> A. We set Agk,s '■= gk,s+i — gk,s and Dk.s '■= {p — l)p^q^ 
and denote Mk,s := iVi(Ffe,,/F,2) = iVi(Gfc,,/F,) + 2N2{Gk,s/^q)- One has: 

(i) Agk,s > Dk.s, 
(ii) Mk,s > Dk^s ■ 

Proof, (i) From Hurwitz Genus Formula, one has gk.s+i ^ 1 > p{gk,s — 1), so 
gk,s+i — gk,s > (p ~ l)(.9fc.s — !)• Applying s more times Hurwitz Genus Formula, 
we get gk,s+i - gk,s >{p- 1)^"* {g{Gk) - l) ■ Thus gk,s+i - gk,s >{p- '^)p''q^, from 
Lemma 1331 i) since g > 3 and fc > 4. 
(ii) According to Proposition 14. 11 one has 

Mk,s > ((z'-l)g'=-V 

= (g + l)(g-l)g^-V 

> (g-i)gV 

> (p- l)q''p''. 

D 
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Lemma 4.5. Let Mk^s ■= Ni{Fk,s/¥g2) = Ni{Gk,s/¥g) + 2N2{Gk,s/Vg). For all 
k > 1 and s = 0, . . . ,r, we have 

sup {n e N I 2n < A4,, - 2gk,s + l} > ^(g + l)?^'" V'(<7 - 3). 

Proof. From Proposition 14.11 and Lemma [4.31 iiil. we get 

Mk,s - 2gk,s + 1 > (g' - I)?'" V' - Sg'^-i (g + l)p' + 1 

= (g+l)g'=-V((g-l)-2) + l 

> (g+l)g'^-V((7-3) 

thus we have sup {n e N | 2n < Mk,s - 2gk,s + 1} > jg'^^VC? + 1)('7 - 3). D 

4.2.2. About the Garcia-Stichtenoth-Riick's tower. In this section, p is an odd prime. 
We denote by g^ the genus of the step Hk and we fix Nk '■— Ni{Hk/¥p2) = 
Ni{Hk/¥p) + 2N2{Hk/¥p). The foUowing lemma is straightforward according to 
Formulae (g]) and (O: 

Lemma 4.6. These two bounds hold for the genus of each step of the towers T/¥p2 
and T/¥p: 

i) 9k < 2^+1 -2-2^+1, 
^^) g/c<2'=+i. 

Lemma 4.7. For all k > 0, we set Agk '■— gu+i ^ Qk- Then one has 

iVfe>A5fe>2^+i-2^. 

Proof. If k is even then Ag^ = 2*^+1 - 2^, else Agfe = 2*^+^ - 2^ so the 
second equality holds trivially. Moreover, since p > 3, the first one follows from 
Bounds © and dH) which gives Nk > 2*^+2. D 

Lemma 4.8. Let LIk be a step of one of the towers T/¥p2 or T/¥p. One has: 

sup {n € N \ Nk > 2n + 2gk - l} > 2''{p - 3) + 2. 

Proof. From Bounds ([S]) and ^ for Nk and Lemma ITBl i) . we get 

Nk-2gk + l > 2'=+i(p- 1) -2(2*^+1 -2-2T^ + 1) + 1 
= 2'^'+i(p-3)+4-2^ -1 
> 2*^+1 (p - 3) + 4 since k > 0. 

D 

4.3. General results for Hq{n). In [TU], Ballet and Le Brigand proved the follow- 
ing useful result: 

Theorem 4.9. Let F/¥q be an algebraic function field of genus g > 2. If q > 4, 
then there exists a non-special divisor of degree g — 1- 

The four following lemmas prove the existence of a "good" step of the towers 
defined in Section 14. 1[ that is to say a step that will be optimal for the bilinear 
complexity of multiplication: 

Lemma 4.10. Let n > ^ {cf' + 1 + e(g^)) be an integer. If q — p^ > 4, then there 
exists a step Fk^s/¥q2 of the tower T2/¥g2 such that all the three following conditions 
are verified: 
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(1) there exists a non-special divisor of degree gk.s — 1 in Fk^s/^q^, 

(2) there exists a place of Fk^s/¥ g2 of degree n, 

(3) Ni{Fk,s/¥g2) >2n + 2gk,s - 1- 

Moreover, the first step for which both Conditions (2) and (3) are verified is the 
first step for which (3) is verified. 

Proof. Note that n>9 since g > 4 and n > ^{q^ + 1) > 8.5. Fix 1 < A; < n-4 
and s e {0, . . . , r}. First, we prove that Condition (2) is verified. Lemma [4.31 iv) 
gives: 



2,M + 1 < 2^^ + ^)-'^"^'^-l) 



p,-= 



.9-1 



(7) < 2g'=-y(g+l) since 2^"^*^^ — ->1 



< ^q'iq'-l). 
On the other hand, one has n— l>fc + 3>fc+i+2so n— 1 > log (g''')+log (2) + 



\ogg{q + 1). This gives g"-i > 2q^{q + 1), hence ^""^(g - 1) > 2q''{q'^ - 1). There- 
fore, one has 2gk.s + 1 < q"^^{q ~ 1) which ensure us that Condition (2) is satisfied 
according to Corollary 5.2.10 in |30j. 

Now suppose also that k > log (^) + 1. Note that for all n > 9 there exists 
such an integer k since the size of the interval [log„ (^) -|-l,n — 4] is bigger than 
9 — 4 — log4 (^) — 1 > 3 > 1. Moreover such an integer k verifies g*^"^ > |n, so 
n < ^q''~^{q + l)(g — 3) since q > i. Then one has 

2n + 2gk,s - 1 < 2n + 2gk^s + 1 

< 2n + 2(j''"V(9 + l) according to 

< q''-\q + l){q-3) + 2q''-^p'{q + l) 

< (?'=-y(q + l)(g-l) 

which gives Ni{Fk.s/Vq'^) > 2n + 2gk^s ~ 1 according to Proposition 14 . II f 3) . Hence, 
for any integer k e [log (^) + l,n — 4], Conditions (2) and (3) are satisfied and 
the smallest integer k for which they are both satisfied is the smallest integer k for 
which Condition (3) is satisfied. 

To conclude, remark that for such an integer fc. Condition (1) is easily verified from 
Theorem 14.91 since g > 4 and gk,s > 92 > Q according to Formula ([3]). 

D 
This is a similar result for the tower T^/Fqi 

Lemma 4.11. Let n > 2 (g + 1 + £(?)) be an integer. If q = p^ > A, then there 
exists a step Gk^s/^q of the tower T^/Wg such that all the three following conditions 
are verified: 

(1) there exists a non-special divisor of degree gk,s — 1 in G/csf^q, 

(2) there exists a place of Gk,s/¥q of degree n, 

(3) Ni{Gk,s/¥q) + 2N2{Gk,skg) >2n + 2gk,s - 1. 



15 

Moreover, the first step for which both Conditions (2) and (3) are verified is the 
first step for which (3) is verified. 

Proof. Note that n > 5 since g > 4, e(g) > e(4) := 4 and n > 5(9+ 1 + £(?)) > 4.5. 
First, we focus on the case n > 13. Fix 1 < fc < ^^^ and s e {0, . . . , r}. One has 
2p^q^^^ < qT" since 



n — 1 



> k 



3 = fc- - 
2 



+ 1 + 1 + > log^(g'= 2 ) + log^(4) + logg(p^) + logg((7 + 1). 



Hence 2p'^q^{q + 1) < q'^~ (y/q — 1) since -^ < y/q — 1 for g > 4. According to ([7]) 
in the previous proof, this proves that Condition (2) is satisfied. 
The saine reasoning as in the previous proof shows that Condition (3) is also satisfied 
as soon as fc > log^ (^) + 1. Moreover, for n > 13, the interval [log^ (^) + 1, ^^] 
contains at least one integer and the smallest integer fc in this interval is the smallest 
integer fc for which Condition (3) is verified. Furthermore, for such an integer fc. 
Condition (1) is easily verified from Theorem 14.91 since g > 4 and gk,s > 52 > 6 
according to Formula ([3]) . 

To complete the proof, we want to focus on the case 5 < n < 12. For this 
case, we have to look at the values oi q = p^ and n for which we have both 
n > ^ {q + 1 + e{q)) and 5 < n < 12. For each value of n such that these two in- 
equalities are satisfied, we have to check that Conditions (1), (2) and (3) are verified. 
In this aim, we use the KASH packages [21j to compute the genus and number of 
places of degree 1 and 2 of the first steps of the tower T^/Wg. Thus we determine 
the first step Gk,s/^q that satisfied all the three Conditions (1), (2) and (3). We 
resume our results in the following table: 





q = p'' 


2^ 


2^ 


3^ 






e{q) 


4 


5 


6 






M'z + 1 + ^(9)) 


4.5 


7 


8 






n to be considered 


5 <n < 12 


7 < n < 12 


8 < n< 12 






(fc,s) 


(1 


,1) 




(1 


,1) 


(1,1) 






iVi(Gfc,,/F,) 


5 


9 


10 






N2{Gk,s/¥g) 


14 


124 


117 






r{Gk,s/¥g) 


15 


117 


113 






9k,s 


2 


12 


9 






2.%,. + 1 


5 


25 


19 






9"^'(Vg-i)>... 


16 


936 


4374 


















q = p'' 


5 


7 


11 


13 


<<l) 


4 


5 


6 


7 


i(g+l + e(g)) 


5 


6.5 


9 


10.5 


n to be considered 


5 < n < 12 


7< n< 12 


9 < n < 12 


ll<n< 12 


{k,s) 


(2,0) 


(2,0) 


(2,0) 


(2,0) 


N^{Gk,sl^q) 


6 


8 


12 


14 


N2{Gk,sl¥q) 


60 


168 


660 


1092 


r(Gfe,,/F,) 


53 


151.5 


611.5 


1021.5 


9k.,s 


10 


21 


55 


78 


2.%,. + 1 


21 


43 


11 


157 


q - {y/q-l)>... 


30 


564 


33917 


967422 
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In this table, one can check that for each value of q and n to be considered and 
every corresponding step Gk.s/^q one has simultaneously: 

• gk.s > 2 so Condition (1) is verified according to Theorem 14. 9[ 

• '^9k.s + 1 < Q^^ {y/Q ~ 1) so Condition (2) is verified. 

• r(Gfc,,/F,) := i (7Vi(Gfc,,/Fg) + 2iV2(Gfc,,/F,) - 2gk^, + 1) > n so Condi- 
tion (3) is verified. 

D 
This is a similar result for the tower T/¥p2: 

Lemma 4.12. Let p > 5 and n > ^ (p^ + 1 + e(p^)) • There exists a step Hk/¥p2 
of the tower T/¥p2 such that the three following conditions are verified: 

(1) there exists a non-special divisor of degree g^ — 1 m _fffc/Fp2, 

(2) there exists a place of Hk/¥p2 of degree n, 

(3) Ni{HklVp2)>2n + 2gk-l. 

Moreover the first step for which all the three conditions are verified is the first step 
for which (3) is verified. 

Proof. Note that n > i(5^ + 1 + e(5^)) = 18. We first prove that for all inte- 
gers k such that 2 < k < n ~ 2, we have 2gk + 1 < p"~^(p — 1) , so Condition (2) 
is verified according to Corollary 5.2.10 in [31]. Indeed, for such an integer k, since 
p > 5 one has k < log^ip"'^) < log2{p"~^ ~ 1), thus k + 2< logg (4(p"-i - 1)) < 
log2(4p"-i-l) and it follows that 2'=+^ + 1 < 4p"-i. Hence 2 • 2'=+^ + 1 < j5""i(p - 1) 
since p > 5, which gives the result according to Lemma ITBl ii) . 
We prove now that for k > log2(2n— 1) — 2, Condition (3) is verified. Indeed, 
for such an integer k, we have k + 2 > log2(2n — 1), so 2'^+^ > 2?t. — 1. Hence 
we get 2''+^ > 2n + 2*^+^ - 1 and so 2'=+i(p - 1) > 2*^+1 • 4 > 2n + 2''+'^ - 1 since 
p > 5. Thus we have Ni{Hk/¥p2) > 2n + 2gk — 1 according to Bound ^ and 
Lemma 14.61 ii) . 

Hence, we have proved that for any integers n > 18 and k > 2 such that 
log2(2ri — 1) — 2 < fc < 71 — 2, both Conditions (2) and (3) are verified. More- 
over, note that for any n > 18, there exists an integer fc > 2 in the interval 
[log2(2n- 1) -2; 71 -2]. Indeed, log2(2- 18 - 1) - 2 ~ 3.12 > 2 and the size of 
this interval increases with n and is greater than 1 for n = 18. To conclude, remark 
that for such an integer fc. Condition (1) is easily verified from Theorem 14.91 since 
p^ > 4 and gk > 92 — 3 according to Formula ^ . 

D 

This is a similar result for the tower T/¥p: 

Lemma 4.13. Let p > 5 and n > ^ (p + 1 + e{p)). There exists a step Hk/¥p of 
the tower T/¥p such that the three following conditions are verified: 

(1) there exists a non-special divisor of degree gfc ~ 1 in Hk/¥p, 

(2) there exists a place of Hk/¥p of degree n, 

(3) NiiHk/¥p) + 2Ni{Hk/¥p) >2n + 2gk - 1. 

Moreover the first step for which all the three conditions are verified is the first step 
for which (3) is verified. 
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Proof. Note that n > ^(5 + 1 + e(5)) = 5. We first prove that for all integers k 

such that 2 < fc < n — 3, we have 2gk + 1 < p^^ (y^ — 1), so Condition (2) is veri- 
fied according to Corollary 5.2.10 in [31]. Indeed, for such an integer k, since p > 5 
and n > 5 one has log2(p^^ — 1) > log2(5^^ — 1) > log2(2"'~^) — n — 1. Thus 
k + 2<n— l< log2(p^^ — 1) and it follows from Lemma 14.61 ii) that 
2.9/0 + 1 < 2*^+-^ + 1 < p^~ < p^2~ {y/p — 1), which gives the result. 
The same reasoning as in the previous proof shows that Condition (3) is also satisfied 
as soon as k > log2(2n — 1) — 2. Hence, we have proved that for any integers n > 5 
and fc > 2 such that log2(2?i — 1) — 2<fc<7i — 3, both Conditions (2) and (3) are 
verified. Moreover, note that the size of the interval [log2(2n — 1) — 2; n — 3] in- 
creases with n and that for any n > 5, this interval contains at least one integer 
fc > 2. To conclude, remark that for such an integer fc, Condition (1) is easily 
verified from Theorem 14.91 since p > 4 and g^ > 52 = 3 according to Formula ^ . 

D 
Now we establish general bounds for the bilinear complexity of multiplication by 
using derivative evaluations on places of degree one (respectively places of degree 
one and two). 

Theorem 4.14. Let q be a prime power and n > I be an integer. If there exists an 
algebraic function field F/¥q of genus g with N places of degree 1 and an integer 

< a < N such that 

(i) there exists TZ, a non-special divisor of degree g — I, 

(ii) there exists Q, a place of degree n, 
(Hi) N + a>2n + 2g-l. 
Then 

fJ-qin) <2n + g—l + a. 

Proof. Let V := {Pi, . . . , Pn} be a set of N places of degree 1 and V' be 
a subset of V with cardinal number a. According to Lemma 2.7 in [12], we can 
choose an effectif divisor T> equivalent to Q + TZ such that supp(I?) DV = 0. We 
define the maps Evq and Ev-p as in Theorem 13.61 with Ui — 2 ii Pi Cz V and 
u, = 1 if Pi e VyP'. Then Evq is bijective, since ker Evq = C{V - Q) with 
dim(X' - Q) = dim(i?) = and d\m{\m Evq) = dim 2? = degP - 5 + 1 + 1(1?) > n 
according to Riemann-Roch Theorem. Thus dim(imi?t;Q) = n. Moreover, Ev-p 
is injective. Indeed, ker Evp = £(22? — ^^^-,^ UjPj) with deg(2I? — X]i=i"i^i) = 
2{n + g-l)-N-a <0. Furthermore, one has rk £;t;7o = dim(2X') = deg(2I?)-5 + 

1 + i{2'D), and 1(21?) = since 2V>'D>TZ with i(7^) = 0. So rk£:t;-p = 2n + g-l, 
and we can extract a subset Vi from V and a subset V'l from V' with cardinal 
number Ni < N and ai < a, such that: 

• Ni+ai = 2n + g-l, 

• the map Evp-^ defined as Evp with Ui = 2 if Pi ^ V'l and Ui = 1 if 
Pi e Vi\'P[, is injective. 

According to Theorem 13.61 this leads to iJ,q{n) < Ni + 2ai < A^i -|- ai -|- a which 
gives the result. D 

Theorem 4.15. Let q be a prime power and n > I be an integer. If there exists 
an algebraic function field F/¥q of genus g with Ni places of degree 1, N2 places 
of degree 2 and two integers < ai < iVi, < 02 < N2 such that 
(i) there exists TZ, a non-special divisor of degree g — 1, 
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(ii) there exists Q, a place of degree n, 
(in) Ni + ai + 2{N2 + 02) > 2n + 2^ - 1. 
Then 

fiqin) <2n + g + N2 + ai+ 4a2 

and 

fiq{n) <3n+ -g+ Y + 3a2. 

Proof. Let Vi :— {Pi, . . . ,-PjVi} be a set of A^i places of degree 1 and V'l be 
a subset of Vi with cardinal number ai. Let 1^2 '■— {Qi, ■ ■ ■ , QN2} be a set of N2 
places of degree 2 and V2 be a subset of V2 with cardinal number 02. According to 
Lemma 2.7 in [12], we can choose an effectif divisor V equivalent to Q + TZ such that 
supp(I?) n {Vi U7'2) = 0- We define the maps Evq and Ev-p as in Theorem 13.61 
with u, = 2 if Pi e P{ U V2 and u,; = 1 if P, G (ViXP^) U {V2\P'2)- Then the same 
raisoning as in the previous proof shows that Evq is bijective. Moreover, Ev-p 
is injective. Indeed, 'kei Ev-p = C{2'D — X)i=i '^i^i) with deg(2I? — X]i=i "i^i) = 
2(n + g - 1) - (TVi + ai + 2(A^2 + 02)) < 0. Furthermore, one has ikEvp = 
dim(2X') = deg(2X>) - g + 1 + 1(21?), and 1(22?) = since 2V > V > U with 
i(7?.) = 0. So AEvp — 2n + g — I, and we can extract a subset Vi from T'l, a 
subset V'l from 7'(, a subset 1^2 from 7^2 and a subset 'P2 from T'j with respective 
cardinal numbers Ni < Ni, cii < ai, A'2 < N2 and 02 < ^27 such that: 

• 271 + 5 > ^1 + ai + 2(/^2 + 02) > 271 + 5 - 1, 

• the map Evf, defined as Evp with Ui ~ 2 ii Pi E V'lU V2 and Uj = 1 if 
(ViXVi) U (^2\^2)> is injective. 

According to Theorem 13.61 this leads to fiq{n) < Ni + 2a\ + 3(7V2 + 202) since 
Mfe(2) < 3 for all prime power fc. Hence, one has the first result since 

71. 

D 



TVi + ai + 2{N2 + 02) < 2n + g and the second one since ^^ + A^2 + 02 < f 



4.4. New upper bounds for /iq(n). Here, we give a detailed proof of Bound (i) 
of Theorem 13.81 and we give an improvement of Bound (ii). Moreover, we correct 
the bound for /ip2 (n) given in [T] and ameliorate the unproved bound for [ipin). 
Namely, we prove: 

Theorem 4.16. Let q — p^ > 4 be a power of the prime p. Then 

(i) Ifq^p->4, then /i,. (71) < 2 (^1 + -_-^_^^-_^ j 71, 



(ii) Ifq^p''>4, then ^lq{n) <i[l + 
(Hi) If p> 5, then /ip2 (n) < 2 ( 1 H — -^g- ) 

\ P 16 / 

(iv) Ifp > 5, then ^ip{n) < 3 ( 1 + -tt ) 7 

V f* 16 / 



q-3+(p-l)(l- 



Proof. 

(i) Let 71 > i(g^ + 1 + e(9^)). Otherwise, we already know from Theorems] 
and 13.111 that ^^2(71) < 27i. According to Lemma [4. 101 there exists a step of 
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the tower T2/¥q2 on which we can apply Theorem 14.141 with a = 0. We denote 
by Fk,s+i/^q^ the first step of the tower that suits the hypothesis of Theorem 
14. 141 with a = 0, i.e. k and s are integers such that Nk^s+i > 2n + 2gk^s+i — 1 
and Nk^s < 2n + 2gk^s - 1, where iVfc,s := ^i(-Ffc,s/F,2) and gk := giFk,s)- We 
denote by tt-q'' the biggest integer such that Nk^s > 2nQ'* + 2gk.s — 1, i-e. 
Hq'^ = sup {n £ N I 2n < A'^^^s — 2gk^s + l}- To perform muhiphcation in Fg2r. , 
we have the fohowing alternative: 

(a) use the algorithm on the step Fk^s+i- In this case, a bound for the bilinear 
complexity is given by Theorem 14.141 applied with a = 0: 

/iq2 {n) <2n + gk,s+i - 1 = 2n + gu.s - 1 + ^gk,s- 

(Recall that A^^^^ := gk,s+i - gk.s) 

(b) use the algorithm on the step Fk^s with an appropriate number of deriv- 
ative evaluations. Let a := 2[n — rio'**) ^^'^ suppose that a < Nk.s- Then 
Nk,s > 2nQ''* + 2gk^s — 1 implies that Nk^s + a > 2n + 2gk^s — 1 so Condi- 
tion (iii) of Theorem 14.141 is satisfied. Thus, we can perform a derivative 
evaluations in the algorithm using the step Fk,s and we have: 

^g2 (n) <2n + gk,s - 1 + a. 

Thus, if a < Nk^s Case (b) gives a better bound as soon as a < Agk^s- Since 
we have from Lemma l4.4l both Nk^s ^ Dk,s and Agk^s ^ ^fc,s, if a < Dk^s then 
we can perform a derivative evaluations on places of degree 1 in the step Fk^s 
and Case (b) gives a better bound then Case (a). 

For X e M+ such that Nk,s+i > 2[x] + 2gk,s+i - 1 and Nk,s < 2[a;] -I- 2gk,s - 1, 
we define the function ^k.s{x) as follow: 

^ ,.( 2x + gk,s-^ + '2{x-nQ''') ii 2{x - Uq'") < Dk,s 
\ 2x + gk,s+i - 1 else. 

We define the function $ for all a; > as the minimum of the functions ^k,s 
for which x is in the domain of ^k,s- This function is piecewise linear with 
two kinds of piece: those which have slope 2 and those which have slope 4. 
Moreover, since the y-intercept of each piece grows with k and s, the graph 
of the function $ lies below any straight line that lies above all the points 

("o" "* 1^' 'J^C'^o'" ^ 1^))' since these are the vertices of the graph. Let 

X := tIq'* H 1^, then 

$(X) < 2X + gk,s+i-l 
< 2X + gk,s+i 

We want to give a bound for ^{X) which is independent of k and s. 
Recall that Dk.s '■= {p — 1)f''z'^! and 

2no'" > q'^'^p'^iq + l)(g - 3) by Lemma |13] 
and 

gk,s+i < q'''\q + l)p"^^ by Lemma lU (iii). 
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So we have 






9k,s+l 


= 


gk,s+i 


2X 


2no''* + Dk,s 




< 


q''-\q + l)p'+^ 




qk-lps^q + l){q - 3) + (p - l)p'*g'= 




= 


q''-\q+l)p'p 




q''-^{q + l)p'{q-S + {p-l)^) 






P 



{q-3) + ip-l)^ 

Thus, the graph of the function $ hes below the hue y = 2 ( 1 + , 3) i f'^ p '' ) ^• 
In particular, we get 

(ii) Let n > ^{q + 1 + e{q)). Otherwise, we already know from Theorems 12.21 
and 13.111 that ^iq{n) < 2n. According to Lemma [4.11) there exists a step of 
the tower T^/Wq on which we can apply Theorem 14.151 with ai = a2 — 0. 
We denote by Gk,s+i/Pq the first step of the tower that suits the hypoth- 
esis of Theorem 14.151 with ai = 02 = 0, i.e. k and s are integers such that 
Nk,s+i >2n + 2gk^s+i - 1 and Nk,s < 2n + 2gu^s - 1, where 

Nk,s ■■= Ni{Gk,s/^q) + 2N2{Gk,s/^q) and gu^, := g{Gk,s). We denote by nl'' 
the biggest integer such that Nk,s > 2nQ'* + 2gk^s — 1, i-e. 
Uq^ — sup |n e N I 2n < Nk,s — '^gk,s + l}- To perform multiplication in F^n, 
we have the following alternative: 

(a) use the algorithm on the step Gk,s+i ■ In this case, a bound for the bilinear 
complexity is given by Theorem 14.151 applied with ai == a2 = 0: 

^iq{n) < 3n + -9k,s+i = Srig^'' + -gu^s + 3(n - nl'") + -Ag^^s- 

(b) use the algorithm on the step Gk.s with an appropriate number of deriva- 
tive evaluations. Let oi -|- 2a2 := 2(n — ng'*) and suppose that oi + 2a2 < Nk^s- 
Then N^.s > 2ng'* -|- 2gk^s — 1 implies that N^^s + ai + 2a2 > 2n + 2gk^s — 1- 
Thus we can perform oi +a2 derivative evaluations in the algorithm using 

the step Gk,s and we have: 

/Zq(n) < 3n -I- -gk,s + i^{ai + 202) = in^'" + -g^^s + 6(n - Uq"). 

Thus, if oi-f 2a2 < Nj^.^^ Case (b) gives a better bound as soon as n — tIq'* < ^Ag^^^. 
Since we have from Lemma [4.41 both Nk,s > Dk.s and ^Agfes > ^Dk,s, if 
fli -|- 2a2 < Dk^s, i-e. n — rip'* < ■^D^.s, then we can perform ai derivative 
evaluations on places of degree 1 and 02 derivative evaluations on places of 
degree 2 in the step Gk,s and Case (b) gives a better bound then Case (a). 
For a; e M+ such that Nk,s+i >'2[x]+ 2gk,s+i ~ 1 and A^fc,s < 2[x] -f 2gk^s - 1, 
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we define the function ^k.s{x) as follow: 



3a; + |gfc,s + 3{x — n^'") if x — np'" < -^ 



3x + 23fe,s+i else. 

We define the function $ for all a; > as the minimum of the functions ^k,s 
for which x is in the domain of ^k,s- This function is piecewise linear with 
two kinds of piece: those which have slope 3 and those which have slope 6. 
Moreover, since the y- intercept of each piece grows with k and s, the graph 
of the function $ lies below any straight line that lies above all the points 



n, 



k.s . Dk.s ;r.i-„k,s . -Dfc 



"^ 2 



X ■= n'^'" + -^, then 



, $(ng''* H 5^)), since these are the vertices of the graph. Let 



<J>(X) < 3X + ^gk,s+i 



= 3 1 



\ 2X ) 



We want to give a bound for ^{X) which is independent of k and s. 
Recall that Dk^s '■= {p— ^)p^(l^, and 

nl'' >-q''-^p'{q+l){q-'i) by Lemma mi] 

and 

9k,s+i < q''-\q + l)p"+^ by Lemma US] (iii). 
So we have 

gk,s+l __ 9k.s+l 

-2X- - 2{nl- + %) 

g'=-i(q + iy+i 
2(i<7'=-V(9 + l)(g - 3) + i(p - l)r<7'=) 

q''~^{q + l)p''p 
gfe-i('7 + l)p^((?-3+(p-l)^ 



< 



(g-3) + (p-l)^ 

Thus, the graph of the function $ lies below the line y — S [I 
In particular, we get 

$(n) < 3 I 1 ' ^ 



(9-3) + (p-l)^ 



(9-3) + (p-l)^ 



(iii) Let n > ^(p^ + 1 + e(p^)). Otherwise, we already know from Theorems 12.21 
and 13.111 that Hp2{n) < 2n. According to Lemma [4.121 there exists a step of 
the tower T/¥p2 on which we can apply Theorem 14. 141 with a = 0. We denote 
by iJfe+i/Fp2 the first step of the tower that suits the hypothesis of Theo- 
rem 14.141 with a = 0, i.e. k is an integer such that A'^^+i > 2n + 2gk+i — 1 and 
Nk <2n + 2gk- I, where Nk := Ni{Hk/¥p2) and gk := g{Hk). We denote by 
Uq the biggest integer such that Nk > 2nQ + 2gk — 1, i.e. 
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tiq ~ sup |n G N I 2n < Nk — 2gk + l}- To perform multiplication in Fp2n, we 
have the following alternative: 

(a) use the algorithm on the step Hk+i- In this case, a bound for the bilinear 
complexity is given by Theorem 14. 141 applied with a = 0: 

Hp2 (n) <2n + gk+i -l = 2n + gk-l + Agk,s- 

(Recall that Agk := gk+i - gk) 

(b) use the algorithm on the step Hk with an appropriate number of deriv- 
ative evaluations. Let a := 2{n — tiq) and suppose that a < Nk- Then 
^k > 2?T,Q + 2gk — 1 implies that Nk + a> 2n + 2gk — 1 so Condition (3) 
of Theorem 14.141 is satisfied. Thus, we can perform a derivative evalua- 
tions in the algorithm using the step Hk and we have: 

ljLp2 (n) < 2n + gk — I + a- 

Thus, if a < Nk Case (b) gives a better bound as soon as a < Agk- For 
a; e M+ such that Nk+i >2[x] + 2gk+i - 1 and Nk < 2[a:;] -I- 2gfe - 1, we define 
the function ^k{x) as follow: 

2x + gk-l + 2{x-n!^) ii 2{x - n^) < Agk 



^'^^^^ 1 2x + gk+i~l else. 

Note that when Case (b) gives a better bound, that is to say when 2{x — tiq) < Agk, 
then according to Lemma 14.71 we have also 

2{x - n^) < Nk 

so we can proceed as in Case (b) since there are enough rational places to use 
a = 2{x — tiq) derivative evaluations on. 

We define the function $ for all a; > as the minimum of the functions 
^k for which x is in the domain of $fe. This function is piecewise linear 
with two kinds of piece: those which have slope 2 and those which have 
slope 4. Moreover, since the y-intercept of each piece grows with fc, the 
graph of the function $ lies below any straight line that lies above all the 
points (n§ H — |^,$(riQ H — f^)), since these are the vertices of the graph. 
Let X :=ng + ^, then 

^X) < 2X + gk+i-l<2{l + ^)X- 

We want to give a bound for ^{X) which is independent of fc. 
Lemmas 14.61 ii) , 14.71 and 14.81 give 



2X 



< 



2k+2 



< 



2fe+: 


'{p- 


3) +4 + 2*^+1 -2 

2fc+2 


fc+i 

2 




2fe+: 


'{{P 


-3) + l + 2-^+i- 
2 


-2- 


fc+i \ 


2 


2 + 2 


-fe+i - 2-^ 




P- 


33 
16 
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since —-^ is the minimum of the function k i— > 2^^^+^ — 2 ~ . 

16 

Thus, the graph of the function $ Ues below the hne y = 2 ( 1 H — ^^ ) x. In 



particular, we get 



P-TS 



*(n)<2(l + -— 33 

f 16 



(iv) Let n> \{p+l + e(p))- Otherwise, we already know from Theorems 12.21 and 
13.111 that fj.p{n) < 2n. According to Lemma [4.131 there exists a step of the 
tower T/Fp on which we can apply Theorem l4. 151 with ai — 02 — 0. We denote 
by Hk+i/¥p the first step of the tower that suits the hypothesis of Theorem 
14.151 with ai — a2 = 0, i.e. k is an integer such that N^+i > 2n + 2gk+i — 1 
and TVfc < 2n + 25fc - 1, where Nk := Ni{Hk/¥p) + 2N2{Hk/¥p) and gk := .g(^fe) 
We denote by Uq the biggest integer such that N^ > 2n^ + 2gk — 1, i.e. 
n§ = sup {n G N I 2n < Nk — 2gk + l}- To perform multiplication in Fp^, we 
have the following alternative: 

(a) use the algorithm on the step Hk+i- In this case, a bound for the bilinear 
complexity is given by Theorem 14.151 applied with ai — a2 — 0: 

3 3 3 

fiq{n) < 3n + -gk+i = 3n^ + -gk + 3(n - ng) + -^^9k- 

(b) use the algorithm on the step Hk with an appropriate number of derivative 
evaluations. Let oi + 2a2 '■— 2{n — tiq) and suppose that ai + 2a2 < Nk- 
Then Nk > 2ng + 2gk-l implies that Nk + ai + 2a2 >2n + 2gk-l. Thus 
we can perform ai + a2 derivative evaluations in the algorithm using the 
step Hk and we have: 

3 3 3 

fip{n) < 3n + -gk + -(ai + 2a2) == 3tIq + -gk + 6(n - ng). 

Thus, if ai+2a2 < Nk^s Case (b) gives a better bound as soon as n — tiq'* < ^Agk^, 
For X e M+ such that Nk+i > 2[x] + 2gk+i - 1 and Nk < 2[a::] + 25fe - 1, we 
define the function ^k{x) as follow: 

( 3x+yk + 3{x-n^) ifx-ng<^ 

Note that when Case (b) gives a better bound, that is to say when 2{x — tiq) < Agk, 
then according to Lemma l47fl we have also 

2{x - ng) < Nk 

so we can proceed as in Case (b) since there are enough places of degree 1 and 
2 to use ai + a2 = 2{x — tiq) derivative evaluations on. 

We define the function $ for all a; > as the minimum of the functions 
^k for which x is in the domain of $fe. This function is piecewise linear 
with two kinds of piece: those which have slope 3 and those which have 
slope 6. Moreover, since the y-intercept of each piece grows with fc, the 
graph of the function $ lies below any straight line that lies above all the 

points (no H — |^,$(no H — f^))j since these are the vertices of the graph. 

fe , 




3x + Igfc+i else. 



Let X -.= 71^ + ^, then 



*W < 3X+^5fc+i = 3(l + ^)x 
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We want to give a bound for $(X) which is independent of k. 
The same reasoning as in (iii) gives 

9k+i ^ 2 



2^ -P~§ 

Thus, the graph of the function $ Hes below the hne y = 3 [1 + ^_^^ ] x. In 
particular, we get 

$fn) < 3 I 1 + ^ 



„_ 33 
^ 16 



D 

4.5. New asymptotical upper bounds for fJ,q{n). In this section, we give upper 
bounds for the asymptotical quantities ruq and Mq which are defined above in 
Section 13.1.21 First, let us repair the two main mistaken statements (as well as 
their corollaries) due to I. Shparlinsky, M. Tsfasman and S. Vladut (Theorem 3.1 
and Theorem 3.9 in [25J) in the two following propositions. 

Proposition 4.17. Let q be a prime power such that A(q) > 2. Then 

Proof. Let {Fs/¥q) be a sequence of algebraic function fields defined over 
Vq. Let us denote by gs the genus of Fs/¥q and by Ni{s) the number of places of 
degree 1 of Fs/¥q. Suppose that the sequence {Fs/¥q)^ was chosen such that: 

(1) lims^+oo5s = +oo; 

(2) lim,^+^^ = A(g). 

Let e be any real number such that < e < — ^ — 1. Let us define the following 
integer 

JVi(s)-2g,(l + e) 
L 2 

Let us remark that 

Ni{s)^gsA{q)+o{g,), 

so Niis) - 2(1 + e)gs - gs {A{q) - 2(1 + e)) + o(g,). 
Then the following holds 

(1) there exists an integer sq such that for any s > sq the integer n^ is strictly 
positive; 

(2) for any real number c such that < c < A{q) — 2(1 + e) there exists an 
integer si such that for any integer s > si the following hols: rig > %gsi 
hence rig tends to +oo; 

(3) there exists an integer §2 such that for any integer s > S2 the following 

holds: 2 (7s + 1 < q^^~ [q^ — l) and consequently there exists a place of 

degree Us (cf. [30l Corollary 5.2.10 (c) p. 207] ). 

(4) the following inequality holds: iVi(s) > 2ns + 2gs — 2 and consequently, 
using Theorem 13.91 we conclude that piq{ns) < 2ns + Qs — 1- 
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Consequently, 

™^ ^ 2 + ^ lirn^ ^^^^^ -'2(l"+'e)5. - 2 ^ K' ^ ^('Z) -2(1 + .) 
This inequality is true for any e > sufficiently small. Then we obtain the result. 

D 

Corollary 4.18. Let q ~ p™ he a prime power such that q> A. Then 

.n,.<2(l + -l^ 

Note that this corollary lightly improves Theorem 13.21 Now in the case of arbi- 
trary g, we obtain: 

Corollary 4.19. For any q = p™ > 3, 

rriq <3(l + 

Proof. For any q = p™ > 3, we have q^ = p^™ > 16 and thus Corollarv l4.18l 
gives mg2 < 2 ( 1 H — ^ 1 . Then, by Lemma [331 "^g have 

which gives the result since /i<j(2) — 3 for any q. D 

Now, we are going to show that for Mg the same upper bound as for rriq can 
be proved though only in the case of q being an even power of a prime. However, 
we are going to prove that in the case of q being an odd power of a prime, the 
difference between the two bounds is very slight. 

Proposition 4.20. Let q = p"^ be a prime power such that q > 4. Then 

1 



M,2 < 2 1 , 

Proof. Let q = p™ be a prime power such that q > 4. Let us consider two 
cases. First, we suppose q — p. We know that for any real number e > and 
for any sufficiently large real number x, there exists a prime number Ik such that 
X < Zfc < (1 + e)x. Now, without less of generality let us consider the characteristic 
p such that p 7^ 11. Then it is known ([33J and [22) that the curve Xk = XQ{lllk), 
where Ik is the fc-th prime number, has a genus gk = Ik and satisfies Ni{Xk(¥g2)) > 
{q — l){gk + 1) where Ni{Xk{¥q2)) denotes the number of rational points over ¥^2 
of the curve Xk- Let us consider a sufficiently large n. There exist two consecutive 
prime numbers Ik and Ik+i such that [p — l){lk+i + 1) > 2n + 2lk+i — 2 and 
{p — l){lk + 1) < 2n + 2/fe — 2. Let us consider the algebraic function field Fk+i/Wp2 
associated to the curve Xk+i of genus Ik+i defined over Fp2. Let Ni{Fk/¥p2) be the 
number of places of degree i of Fk/¥p2. Then Ni{Fk+i/¥p2) > {p — l)('fe+i + 1) > 
2n + 2lk^i — 2. Moreover, it is known that Nn{Fk+i/¥p2) > for any integer n 
sufficiently large. We also know that Ik+i — h ^ l^ ^'-'^ ^^y integer k > ko where 
fco can be effectively determined by |2]- Then there exists a real number e > such 
that Ik+i — lk = dk < Ik ^ namely Ik+i < (1 + e)^fc- It is sufficient to choose e such 
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that elf^' < 1. Consequently, for any integer n sufficiently large, this algebraic 
function field Ffc+i/Fp2 satisfies Theorem 13.91 a-nd so /ip2(n) < 2n + Ik+i — 1 < 
2n+ {1 + e)lk - 1 with Ik < -^ - ^. Thus, as n — > +oo then Ik — > +oo and 

e — > 0, so we obtain Mp2 < 2 ( f + -^]- Note that for p = f f , Proposition 4.1.20 

in [33| enables us to obtain gk — Ik + 0{1). 

Now, let us study the more difficult case where q = p™ with m > 1. We use 
the Shimura curves as in |21]. Recall the construction of this good family. Let L 
be a totally real abelian over Q number field of degree m in which p is inert, thus 
the residue class field Ol/{p) of p, where Ol denotes the ring of integers of L, is 
isomorphic to the finite field Fg. Let p be a prime ideal of L which does not divide 
p and let _B be a quaternion algebra for which 

B (g)Q M = A/2(K) (g) H «) ... (g) H 

where H is the skew field of Hamilton quaternions. Let B be also unramified at 
any finite place if (to — 1) is even; let B be also unramified outside infinity and p 
if (to — 1) is odd. Then, over L one can define the Shimura curve by its complex 
points Xr(C) = F \ t), where f) is the Poincare upper half-plane and F is the group 
of units of a maximal order O of _B with totally positive norm modulo its center. 
Hence, the considered Shimura curve admits an integral model over L and it is 
well known that its reduction Xr,p(Fp27n) modulo p is good and is defined over 
the residue class field Ol/{p) of p, which is isomorphic to F^ since p is inert in 
L. Moreover, by [25], the number A^i(Xr,p(Fg2)) of Fq2-points oi Xr.p is such that 
Ni{XY^p{¥q-i)) > {q — l){g + 1), where g denotes the genus of Xr.p{¥q2). Let now I 
be a prime which is greater than the maximum order of stabilizers F^, where z G f) 
is a fixed point of F and let p\ I. Let Fo(?)i be the following subgroup of GL2{'Z,i): 

Fo(Oi = {( " J ) eGL2{Zi),c = 0{modl)}. 

Suppose that I splits completely in L. Then there exists an embedding F — s- Q; 
where Q; denotes the usual Z-adic field, and since B (g)Q Q; — M2{Qi), we have a 
natural map: 

Let F; be the inverse map of Fo(?); in F under (pi. Then F; is a subgroup of F of 
index I. We consider the Shimura curve Xi with 

Xi{c)^ri\i). 

It admits an integral model over L and so can be defined over L. Hence, its 
reduction Xi,p modulo p is good and it is defined over the residue class field Ol/{p) 
of p, which is isomorphic to Fg since p is inert in L. Moreover the supersingular 
Fp-points of Xyjp split completely in the natural projection 

T^i ■ Xi^p — > Xy^p- 

Thus, the number of the rational points of X;.p(Fg2) is: 

Ni{Xi^p{¥q2))>l{q-l){g + l). 

Moreover, since I is greater than the maximum order of a fixed point of F on (], the 
projection tt; is unramified and thus by Hurwitz formula, 

gi = l + l{g-l) 
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where gi is the genus of Xi (and also of Xi^p). 

Note that since the field L is abelian over Q, there exists an integer N such that 
field L is contained in a cyclotomic extension Q(CAr) where Cn denotes a primitive 
root of unity with minimal polynomial <i>jv- Let us consider the reduction ^N.ik of 
$jv modulo the prime Ik- Then, the prime Ik is totally split in the integer ring of 
L if and only if the polynomial ^N.ik i^ totally split in Fjj. — Z/Z^Z i.e if and only 
if Fjj. contains the Nth roots of unity which is equivalent to A^ | ^^ — 1. Hence, any 
prime Ik such that ^^ = 1 mod N is totally split in Q{Cn) and then in L. Since Ik 
runs over primes in an arithmetical progression, the ratio of two consecutive prime 
numbers Ik = ^ mod N tends to one. 

Then for any real number e > 0, there exists an integer fco such that for any 
integer k > ko, h+i < (1 + e)^fc where Ik and Ik+i are two consecutive prime 
numbers congruent to one modulo N. Then there exists an integer n^ such that for 
any integer n > n^, the integer fc, such that the two following inequalities hold 

lk+i{q-l){g+l)>2n + 2gi,^,-2 

and 

lk{q-l){g + l)<2n + 2gi,-2, 

satisfies k > kg where gi^ — I + li{g ~ 1) for any integer i. Let us consider the 
algebraic function field Fk/¥q2 defined over the finite field ¥^2 associated to the 
Shimura curve Xi^ of genus gi^ . Let Ni{Fk/Vq2) be the number of places of degree 
ioiFk/Vg2. Then Afi(i^fc+i)/F,2) > lk+i{q~l)ig+l) > 2n+2gi^^^-2 where g is the 
genus of the Shimura curve Xr,p(Fq2). Moreover, it is known that there exists an 
integer no such that for any integer n > uq, Nn{Fk+i/¥g2) > 0. Consequently, for 
any integer n > max(ne, no) this algebraic function field Fk+i/¥ij2 satisfies Theorem 
[nHandso/Xq2(n) < 2n + gi^^-^-l < 2n + lk+i{g-l) < 2n+{l + e)lk{g-l) with Ik < 
, _■ w i3m_2( ^i-i ■ Thus, for any real number e > and for any n > max(n(;,no), 

we obtain fig2{n) <2n+ ^g^;][lX\\'-%\ ^hich gives A/,2 < 2 (l + ^) . D 

Proposition 4.21. Let q = p™ be a prime power with odd m such that q > 5 . 
Then 



Mg<3n + —- 

Proof. It is sufficient to consider the same families of curves that in Proposition 
14.201 These families of curves Xk are defined over the residue class field of p which 
is isomorphic to ¥q. Hence, we can consider the associated algebraic function 
fields Fk/¥g defined over F,. li q = p, we have Ni{Fk+i/¥p2) = Ni{Fk+i/¥p) + 
2N2{Fk+i/¥p) > {p-l){lk+i + l) > 2n+2lk+i-2 since Fk+i/¥p2 = Fk+i/¥p®w¥p2. 
Then, for any real number e > and for any integer n sufficiently large, we have 
^p(n) < 3n + 3g;,+i < 3n + 3(1 + e)lk by Theorem [SH since iV„(Ffc+i/F^2) > 0. 

Then, by using the condition Ik < ^ - ^, we obtain Mp < 3 [l + -^^V If 

q ^ p"' with odd m, we have Ni{Fk+i/¥q2) = Ni{Fk+i/¥g) + 2N2{Fk+i/¥g) > 
lk+iiq-l){g + l) > 2n+2gi^^,-2 since i^fe+i/F,2 = Fk+i/¥g(g)w^¥g2. Then, for any 
real number e > and for any integer n sufficiently large as in Proof 2201 we have 
fig{n) < 3n+3gi^^^ < 3n+3(l+e)/fc by TheoremEHsince A^„(i^fe+i/F,2) > 0. Then, 

by using the condition Ik < , _^-^, _i3n-2( -i) ^^ obtain Mg < 3 1 1 H — ^ ) . D 
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Proposition 4.22. 

M2 < 13.5. 

Proof. Let q — p™ — 4. We also use the Shimura curves. Let L = Q{\/d) be a 
totally real quadratic number field such that d = 1 mod 8. Then the prime p — 2 
is totally split in L and so the residue class field Ol/{p) of p, where Ol denotes 
the ring of integers of L, is isomorphic to the finite field F2. Then, let p be a prime 
of L which does not divide p and let _B be a quaternion algebra for which 

where H is the skew field of Hamilton quaternions. Let B be also unramified outside 
infinity and p. Then, over L one can define the Shimura curve by its complex points 
Xr(C) = r\ [), where f) is the Poincare upper half- plane and T is the group of units 
of a maximal order O oi B with totally positive norm modulo its center. Hence, 
the considered Shimura curve admits an integral model over L and it is well known 
that its reduction Xr,p(Fp2™ ) modulo p is good and is defined over the residue class 
field Ol/{p) oi p = 2, which is isomorphic to F2 since p = 2 is totally split in 
L. Moreover, by |^, the number Ni{Xr.p{¥q2) of F^2 -points of Xr^p is such that 
Ni{^r,p(^q'^)) > (9 — !)(<? + 1), where g denotes the genus of Xr^p{Vq2). Let now I 
be a prime which is greater than the maximum order of stabilizers F^ , where z e f) 
is a fixed point of F and let p\ I. Let Tq{1)i be the following subgroup of GL2(Z/): 

ro{l)i = { (^ " Jj ") e GL2{Zi),c = {mod I)}. 

Suppose that I splits completely in L. Then there exists an embedding F — > Q/ 
where Q/ denotes the usual Z-adic field, and since B (g)Q Q/ — M2 {Qi ) , we have a 
natural map: 

0/ ■.T^GL2iZi). 

Let F; be the inverse map of Fo(/)/ in F under (f>i. Then F; is a subgroup of F of 
index /. We consider the Shimura curve Xi with 

XiiC)=Ti\l). 

It admits an integral model over L and so can be defined over L. Hence, its reduction 
Xi^p modulo p — 2 is good and it is defined over the residue class field Ol/{p) of 
p — 2, which is isomorphic to F2 since p — 2 is totally split in L. Moreover the 
supersingular Fp-points of ^r,p split completely in the natural projection 

TT; : Xi,p — 7^ Xr,p. 

Thus, the number of the rational points of Xi,p{¥g2) is: 

NiiXi^pi¥g2))>l{q-l){g + l). 

Moreover, since I is greater than the maximum order of a fixed point of F on t), the 
projection tt/ is unramified and thus by Hurwitz formula, 

gi^l + l{g~l) 

where gi is the genus of Xi (and also of Xi^p). Note that since the field L is abelian 
over Q, there exists an integer A'^ such that field L is contained in a cyclotomic 
extension Q{Cn) where t^N denotes a primitive root of the unity with minimal 
polynomial $Ar. Let us consider the reduction ^N,ik of $7v modulo the prime 
Ik- Then, the prime Ik is totally split in the integer ring of L if and only if the 
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polynomial ^nj^ i^ totally split in F;^ = Z/Z^Z i.e if and only if F/^. contains the 
Nth roots of the unity which is equivalent to N \ Ik — 1- Hence, any prime Ik such 
that Ik = I mod N is totally split in Q(Cjv) and then in L. Since Ik runs over 
primes in an arithmetical progression, the ratio of two consecutive prime numbers 
Ik = 1 mod N tends to one. Then for any real number e > 0, there exists an 
integer kg such that for any integer k > kg, h+i ^ (1 + e)^fc where Ik and ^^+1 
are two consecutive prime numbers congruent to one modulo N. Then there exists 
an integer n^ such that for any integer n > n^, the integer fc, such that the two 
following inequalities hold 

lk+i{q - l)(.g + 1) > 2n + 2.9,,^, + 6 

and 

lk{q~l){g+l)<2n + 2gi^+6, 
satisfies fc>fco where gi. = I + li{g — 1) for any integer i. 

Let us consider the algebraic function field Fk/^2 defined over the finite field F2 
associated to the Shimura curve Xi^ of genus gi^. Let Ni{Fk/¥t) be the number 
of places of degree i of Fk/¥t where t is a prime power. Then, since Fk+i/¥g2 = 
Fk+i/¥2(E)r,¥q2 forq = 4, wehave 7Vi(Ffc+i/F,2) = Ni{Fk+i/¥2)+2N2iFk+i/¥2) + 
4A'^4(i^fc+i/F2) > lk+i{q - l){g + 1) > 2n + 2gi^^^ + 6 where g is the genus of the 
Shimura curve Xr,p(Fq2). Moreover, it is known that there exists an integer ng 
such that for any integer n > uq, Nn{Fk+i/¥q2) > 0. Consequently, for any integer 
n > max(ne,no) this algebraic function field Ffe+i/F2 satisfies Theorem 3.2 in [12] 
&ndso^l2{n) < ^in+gi^^,+5) < |(n + /fc+i(.g-l)+6) < f (n+(l + e)/fe(.g-l)) + 27 
with Ik < ( _-,-,, ^jt^nf -1*1 • Thus, for any real number e > and for any n > 

max(ne,n.o), we obtain //jW < f (n + 2n^i±|i + ^) + 27 < |(1 + 2(1 + e))n + 63 
which gives M2 < 13, 5. D 
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ON THE TENSOR RANK OF MULTIPLICATION IN FINITE 
EXTENSIONS OF FINITE FIELDS 

S. BALLET, J. CHAUMINE, J. PIELTANT, AND R. HOLLAND 



Abstract. In this paper, we give a survey of the known results concern- 
ing the tensor rank of the multiplication in finite fields and we establish new 
3 ^ asymptotical and not asymptotical upper bounds about it. 



1. Introduction 



,^ ' Several objects constitute the aim of this paper. First, it is a question of in- 

troducing the problem of the tensor rank of the multiplication in finite fields and 
of giving a statement of the results obtained in this part of algebraic complexity 
C^ , theory for which the best general reference is [T7]. In particular, one of the aims 

of this paper is to list exhaustively the few published mistaken statements and to 
explain them. In the second part, we repair and clarify certain of these statements. 
.. Last but not least, we improve several known results. In this section we introduce 

►^ , the problem, we set up notation and terminology and we present the organization 

T^ ' of this paper as well as the new obtained results. 

00 ■ 

1.1. The bilinear complexity of the multiplication. Let F^ be a finite field 

with q — p'' elements where p is a prime number. Let Fgn be a degree n extension 
t~^ ■ of Fq. The multiplication m in the finite field Fg>. is a bilinear map from F^n x F^i. 

^D \ into Fqi. , thus it corresponds to a linear map M from the tensor product F^i. (^ F^i. 

into Vqr^ . One can also represent M by a tensor Im G F*„ F*„ Fq- where F*„ 

denotes the algebraic dual of F^i. . Each decomposition 

, , , k 

X' (1) iM = Va*«)6*«)c. 

^' 

of the tensor Im , where a* , h* G F*„ and q G F^n . brings forth a multiplication 

algorithm 

k 

x.y = tM{x fX" y) = ^ ^i (a;) ® b*i^) ® c^. 

i=l 

The bilinear complexity of the multiplication in ¥qn over F^, denoted by fJ.q{n), 
is the minimum number of summands in the decomposition ([TJ . Alternatively, we 
can say that the bilinear complexity of the multiplication is the rank of the tensor 

tM (cf. m, HI)- 
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1.2. Organization of the paper. In Section 2, we present the classical results 
via the approach using the multiplication by polynomial interpolation. In section 3, 
we give an historical record of results resulting from the pioneer works due to D.V. 
and G.V. Chudnovky [20J and later Shparlinski, Tsfasman and Vladut in [29J. In 
particular in Subsection 3.1, we present the original algorithm as well as the most 
successful version of the algorithm of Chudnovsky type at the present time. This 
modern approach uses the interpolation over algebraic curves defined over finite 
fields. This approach, which we recount the first success as well as tlie rocks on 
which the pionners came to grief, enables to end at a first complete proof of the 
linearity of the bilinear complexity of multiplication [3J. Then, in Subsection 3.2, 
we recall the known results about the bilinear complexity fJ-q{n). Finally, in Section 
4, we give new results for fJ-q{n). More precisely, we obtain new upper bounds for 
fiq{n) as well as new asymptotical upper bounds. 

2. Old classical results 
Let 

n 

P{u) = y^g^u' 

i=0 

be a monic irreducible polynomial of degree n with coefficients in a field F. Let 



n-l 



R{u) — y XiU^ 



and 



n-l 
i=0 

be two polynomials of degree < n — 1 where the coefficients Xi and y^ are indeter- 
minates. 

Fiduccia and Zalcstein (cf. [55], fT7] p. 367 prop. 14.47) have studied the general 
problem of computing the coefficients of the product R{u) x S{u) and they have 
shown that at least 2n— 1 multiplications are needed. When the field F is infinite, 
an algorithm reaching exactly this bound was previously given by Toom in [32]. 
Winograd described in [:34j all the algorithms reaching the bound 2n — 1. More- 
over. Winograd proved in |35| that up to some transformations every algorithm for 
computing the coefficients of R(u) x S{u) mod P{u) which is of bilinear complexity 
2n — 1, necessarily computes the coefficients of R{u) x 5(m), and consequently uses 
one of the algorithms described in [33] ■ These algorithms use interpolation technics 
and cannot be performed if the cardinality of the field F is < 2n — 2. In conclusion 
we have the following result: 

Theorem 2.1. If the cardinality of F is < 2n — 2, every algorithm computing the 
coefficients of R{u) x S{u) mod P{u) has a bilinear complexity > 2n — 1. 

Applying the results of Winograd and De Groote [53] and Theorem 12.11 to the 
multiplication in a finite extension F^n of a finite field Fg we obtain: 

Theorem 2.2. The bilinear complexity fJ-q{n) of the multiplication in the finite field 
¥qn over ¥q verifies 

fXq{n) > 2n- 1, 



with equality holding if and only if 

n<l + l. 

This result does not give any estimate of an upper bound for fJ.q{n), when n is 
large. In [57], Lempel, Seroussi and Winograd proved that A*q(n) has a quasi- linear 
upper bound. More precisely: 

Theorem 2.3. The bilinear complexity of the multiplication in the finite field ¥qn 
over ¥q verifies: 

l^q{n) < fq{n)n, 
where fq{n) is a very slowly growing function, namely 

fq{n) = 0(log^ logg • • • \ogq{n)) 

k times 

for any fc > 1. 

Furthermore, extending and using more efhciently the technique developed in 
|16| . Bshouty and Kaminski showed that 

IJ-qin) > 3n — o{n) 

for g > 3. The proof of the above lower bound on the complexity of straight-line 
algorithms for polynomial multiplication is based on the analysis of Hankel matrices 
representing bilinear forms defined by linear combinations of the coefhcients of the 
polynomial product. 

3. The modern approach via algebraic curves 

We have seen in the previous section that if the number of points of the ground 
field is too low, we cannot perform the multiplication by the Winograd interpo- 
lation method. D.V. and G.V. Chudnowsky have designed in |20J an algorithm 
where the interpolation is done on points of an algebraic curve over the groundfield 
with a sufficient number of rational points. Using this algorithm, D.V. and G.V. 
Chudnovsky claimed that the bilinear complexity of the multiplication in finite ex- 
tensions of a finite field is asymptotically linear but later Shparlinski, Tsfasman and 
Vladut in [29J noted that they only proved that the quantity niq = lim inf fc_>oo ^^ 
is bounded which do not enable to prove the linearity. To prove the linearity, it is 

u (k) 

also necessary to prove that Mq ~ lim sup^..^^^ f^ is bounded which is the main 
aim of their paper. However, I. Cascudo, R. Cramer and C. Xing recently detected 
a mistake in the proof of Shparlinski, Tsfasman and Vladut. Unfortunately, this 
mistake that we will explain in details in this section, also had an effect on their 
improved estimations of ruq. After the above pioneer research, S. Ballet obtained in 
[3| the first upper bounds uniformly with respect to q for Hq{n). These bounds not 
being affected by the same mistake enable at the same time to prove the linearity 
of the bilinear complexity of the multiplication in finite extensions of a finite field. 
Then, S. Ballet and al. obtained several improvements which will be recalled at 
the end of this section. These different improvements are based on the following 
main ideas: the use of towers of algebraic functions fields [5] [S], the descent of their 
definition field [13] [11] , the use of places of higher degree [13] [19] as well as the 
use of local expansion [T] [T^] . 

3.1. Linearity of the bilinear complexity of the multiplication. 



4 S. BALLET, J. CHAUMINE, J. PIELTANT, AND R. HOLLAND 

3.1.1. The D.V. Chudnovsky and G.V. Chudnovsky algorithm. In this section, we 
recall the brilliant idea of D.V. Chudnovsky and G.V. Chudnovsky and give their 
main result. First, we present the original algorithm of D.V. Chudnovsky and G.V. 
Chudnovsky, which was established in 1987 in ^20j. 

Theorem 3.1. Let 

• F/¥q be an algebraic function field, 

• Q be a degree n place of F/¥q, 

• V be a divisor of F/¥q, 

u V = {Pi, ..., Pn} be a set of places of degree 1. 

We suppose that Q, Pi, • • • ,Pn OuTc not in the support ofD and that: 

a) The evaluation map 

EvQ : C{V) ^ F,,. ~ Fq 

is onto (where Fq is the residue class field of Q), 

b) the application 



. r C{2V) ^ F,^ 



(/(Pi),..., /(Pat)) 

is injective. 
Then 

liq{n) < N. 

As pointed in [29J, using this algorithm with a suitable sequence of algebraic 
curves defined over a finite field ¥q, D.V. Chudnovsky and G.V. Chudnovsky only 
proved the following result: 

Theorem 3.2. Let q be a square > 25. Then 
liniinf^^<2(l 



^/9-3 

3.1.2. Asymptotic bounds. As seen previously, Shparlinski, Tsfasman, Vladut have 
given in [29j many interesting remarks on the algorithm of D.V. and G.V. Chud- 
novsky and the bilinear complexity. In particular, they have considered asymptotic 
bounds for the bilinear complexity in order to prove the asymptotic linearity of 
this complexity from the algorithm of D.V. and G.V. Chudnovsky. Following these 
authors, let us define 

Hq{k) 



Mq = lim sup 
and 



'9 

k- 



rUq = hni mt — ; — . 

fc->-oo k 

It is not at all obvious that either of these values is finite but anyway the bilinear 
complexity of multiplication can be considered as asymptotically linear in the degree 
of extension if and only if the quantity Mq is finite. First, let us recall a very useful 
Lemma due to D.V. and G.V. Chudnovsky [2Qj and Shparlinski, Tsfasman, Vladut 
[291 Lemma 1.2 and Corollary 1.3]. 



Lemma 3.3. For any prime power q and for all the positive integers n and m, we 
have 

fiqim) < fiqinin) < ^q{n).^iq^{m) 

niq < mq'n..fj,q{n)/n 

Mq<Mqr..lJLq{n). 

Now, let us summarize the known estimates concerning these quantities, namely 
the lower bound of TO2 obtained by R. Brockett, M. Brown and D. Dobkin in |14j 
[15] and the lower bound of ruq for q > 2 given by Shparlinski, Tsfasman and Vladut 

in L29J. 

Proposition 3.4. 

TO2 > 3.52 

and 

1 

9-1 



rUq > 2 ( 1 H ) for any q > 2. 



Note that all the upper bounds of Mq and rUq for any q given by Shparlinski, 
Tsfasman and Vladut in [53] are not proved. Indeed, in [SU], they claim that for 
any q (in particular for q = 2), rUq and overall Mq are finite but I. Cascudo, R. 
Cramer and C. Xing recently communicated us the existence of a gap in the proof 
established by I. Shparlinsky, M. Tsfasman and S. Vladut: "the mistake in [29] 
from 1992 is in the proof of their Lemma 3.3, page 161, the paragraph following 
formulas about the degrees of the divisor. It reads: "Thus the number of hnear 
equivalence classes of degree a for which either Condition a or Condition (3 fails is 
at most Dfji + Dt. " This is incorrect; Df, should he multiplied by the torsion. Hence 
the proof of their asympotic bound is incorrect. " 
Let us explain this gap in next section. 

3.1.3. Gap in the proof of the asymptotic linearity. We settle the following elements 

(1) a place of degree n denoted by Q; 

(2) 2n + g — 1 places of degree 1 : Pi, • • • , P2n+g-i- 
We look for a divisor D such that: 

(1) degiD) = n + g ~ 1; 

(2) dim{C{D - Q)) ^ 0; 

(3) dim(£(2i^ _ (p^ + P2 + . . . + P2„+<,-i))) = 0. 

The results concerning Mq et rUq obtained in the paper |33j depend on the 
existence of such a divisor D. 

Let us remark that these conditions only depend on the class of a divisor (the 
dimension of a divisor, the degree of a divisor are invariant in a same class). Conse- 
quently, we can work on classes and show the existence of a class [D] which answers 
the question. 

Let Jn+g~i be the set of classes of degree n + g — 1 divisors. We know from 
F. K. Schmidt Theorem that there exists a divisor Dq of degree n + g — 1. The 
application ipn+g-i from Jn+g-i into the Jacobian Jq defined by 

i^n+g-lim = [D - Do] 

is a bijection from Jn+g-i into Jq. All the sets Jk have the same number h of 
elements {h is called the number of classes). 
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Let u be the application from Jn+g-i into Jg-i defined by u([-D]) = [D — Q]. 
This application is bijective. Thus if we set 

Hn+g-i ^{[D]e Jn+g-1 I dini([i? - Q]) = 0}, 

and 

Kg^i = {[A] e Jg-i I dim([A])=0}, 
we have 

Kg-l = u{Hn+g-i), 
and then 

#Hn + g-l = #Kg^l. 

Let us note that if [A] is an element of Jg-i which is in the complementary of 
Kg-i namely dim([A]) > 0, then there exists in the class [A] at least an effective 
divisor (there exists a x such that A + (x) > 0) . Moreover effective divisors in dif- 
ferent classes are different. So the complementary of Kg-i in Jg-i has a cardinality 
< Ag-i where Ag^i is the number of effective divisors of degree g — 1- Then the 
cardinality of A'g_i verifies the inequality 

#i/„ + g_l = #i^g_l >h-Ag^l. 

Let us remark that classes which belong to iJ„_|_g_i are the only ones which can 
solve our problem. But they also have to verify the additional condition 

dim{C{2D - (Pi + Pa + • • • + P2n+g-i))) = 0. 

We would like to use a combinatorial proof as for the first condition. 

So we have to consider the application v from H„+g-i to Jg^i defined by 

v{[D]) = [21? - (Pi + P2 + • • • + P2„+<,-l)]. 

Unfortunately the application [D] i-^ [20] is not necessarily injective. This is related 
to 2-torsion points of the Jacobian. The fact that the application v is not injective 
does not allow us to conclude that there exists an image "big" enough and use a 
combinatorial argument like in the first part. 

3.2. Known results about the bilinear complexity fJ,g{n). 

3.2.1. Extensions of the Chudnovsky algorithm. In order to obtain good estimates 
for the bilinear complexity, S. Ballet has given in f3] some easy to verify conditions 
allowing the use of the D.V. and G.V. Chudnovsky algorithm. Then S. Ballet and 
R. RoUand have generalized in [13] the algorithm using places of degree 1 and 2. 

Let us present the last version of this algorithm, which is a generalization of the 
algorithm of type Chudnovsky introduced by N. Arnaud in ^j and M. Cenk and F. 
Ozbudak in [19]. This generalization uses several coefficients in the local expansion 
at each place Pi instead of just the first one. Due to the way to obtain the local 
expansion of a product from the local expansion of each term, the bound for the 
bilinear complexity involves the complexity notion Mq{u) introduced by M. Cenk 
and F. Ozbudak in [T5] and defined as follows: 

Definition 3.5. We denote by Mq(u) the minimum number of multiplications 
needed in Fg in order to obtain coefficients of the product of two arbitrary u-term 
polynomials modulo x" in F„ [x\ . 



For instance, we know that for all prime powers q, we have Mq{2) < 3 by |18) . 

Now we introduce the generalized algorithm of type Chudnovsky described in |19) . 

Theorem 3.6. Let 

• q be a prime power, 

• F/¥q be an algebraic function field, 

• Q be a degree n place of F/¥q, 

• T) be a divisor of F/¥q, 

m V ^ {Pi, ■ ■ ■ , Pn} be a set of N places of arbitrary degree, 

• ui, . . . , UN be positive integers. 

We suppose that Q and all the places in V are not in the support of V and that: 

a) the map 

C{V) ^ Fg. ~ Fq 

f ^ fiQ) 

is onto, 

b) the map 



Eve 



Ev-p 



C{2V) -^ (F,de,Pi)"^ X (F,do,P,)"' X • • • X (F,dc,P„)"" 

/ ^ (^i(/),^2(/),...,^^(/)) 

is injective, where the application ipi is defined by 

r £(22?) -^ (Fgdc,P.)"' 
^^'l / ^ {fiP,),f'iP,),...j(-^-'\P,)) 

with f = f{Pi) + f'{Pi)t, + f"{P^)tf + ... + f''''^{Pi)t'^ + ..., the local expansion 
at Pi of f in C{2'D), with respect to the local parameter ti. Note that we set 
f^°^ = /. 
Then 



N 



l^qin) < > Aig(degP,)MgdogPi(uO. 



=1 



Let us remark that the algorithm given in J20J by D.V. and G.V. Chudnovsky is 
the case deg Pi — 1 and Ui = 1 for i = 1, . . . , N. The first generalization introduced 
by S. Ballet and R. Rolland in [T3] concerns the case degP^ = 1 or 2 and Ui = 1 for 
i = 1, . . . ,N. Next, the generalization introduced by N. Arnaud in [1] concerns the 
case deg P^ = 1 or 2 and u^ = 1 or 2 for i = 1, . . . , A^. However, note that the work 
of N. Arnaud has never been published and contains few mistakes (mentioned below) 
which will be repared in this paper. Finally, the last generalization introduced by 
M. Cenk and F. Ozbudak in [TH] is useful: it allows us to use certain places of 
arbitrary degree many times, thus less places of fixed degree are necessary to get 
the injectivity of Ev-p . 

In particular, we have the following result, obtained by N. Arnaud in [T]. 

Corollary 3.7. Let 

• q be a prime power, 

• F/¥q be an algebraic function field, 

• Q be a degree n place of F/¥q, 

• T? be a divisor of F/¥q, 

• V ~ {Pi, . . . , PjVi , PjVi+i, ■ • ■ , ^iVi+JV2} ^e o- set of Ni places of degree 
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one and N2 places of degree two, 
m < li < Ni and < ^2 < -^2 be two integers. 

We suppose that Q and all the places in V are not in the support of T) and that: 
a) the map 

EVQ -.CiV)^ Wgr. ~ Fq 

is onto, 
h) the map 

r £(22?) ^ F^i X ¥^^ X F^s" x fJ^| 
Evv-{ f ^ (/(Pi),...,/(K),/'(A),...,/'(Ph), 

[ f{PN, + l). ■■■, fiPN,+N,)J'iPN, + l), . . . , f'{PN,+l,)) 

is injective. 
Then 

fiq{n) <Ni+2li+3N2 + 6l2- 

Moreover, from the last corollary applied on Garcia-Stichtenoth towers, N. Ar- 
naud obtained in [T] the two following bounds: 

Theorem 3.8. Let q — p^ be a prime power. 

(^) Ifq>4, then ^,.(n) < 2 (l + ^_3^^^_f^(^__^) 

2p 



(ii) If q > 16, then piq{n) < 3 1 + 



g-3+2(p-l)(l- 



We will give a proof of Bound (i) together with an improvement of Bound (ii) in 
Section 14.41 In that section, we will also prove two revised bounds for pLpi {n) and 
IJ.p{n) given by Arnaud in [Tj. Indeed, Arnaud gives the two following bounds with 
no detailed calculation: 



(iii) If p > 5 is a prime, then /ip2 (n) < 2 I 1 + -^ 1 n, 

(iv) If p > 5 is a prime, then fJ.p{n) < 3 1 1 H — — ) n. 

In fact, one can check that the denominators p— 1 and p— 2 are slightly overestimated 
under Arnaud's hypotheses. 

From the results of [3] and the previous algorithm, we obtain (cf. [3], |13|): 

Theorem 3.9. Let q be a prime power and let n be an integer > 1. Let F/¥q be 
an algebraic function field of genus g and Nk the number of places of degree k in 
F/¥g. IfF/¥g is such that 2g + 1 < q"^ {q^ - 1) then: 

1) if Ni>2n + 2g- 2, then 

fiq{n) <2n + g—l, 

2) if there exists a non-special divisor of degree g — 1 and Ni + 2iV2 > 2n + 2g — 2, 
then 

liq{n) < 3n + 3g, 

3) if Ni + 2N2 > 2n + Ag~2, then 

fJ-q{n) < 3?i + 6g. 



3.2.2. Known upper bounds for Hq{n). From good towers of algebraic functions 
fields satisfying Theorem 13.91 it was proved in [3], [5], [13], [11], [6] and [9]: 

Theorem 3.10. Let q ^ p^ a power of the prime p. The bilinear complexity ^iq{n) 
of multiplication in any finite field F^n is linear with respect to the extension degree, 
more precisely: 

Hq{n) < CqU 
where Cq is the constant defined by: 



Ca 



else if q = S 
else if q = p > 5 



then 22 
then 27 

then 3 [l + ^ 



else ifq=p'^>25 then 2 ( 1 + ^3 



else ifq^ p^^ > 16 then 2 ( 1 
else if q > 4: 



9-3+(p-l)(l-^, 

then 6 [1 + ■^) 



else if q > 16 



the 



3 1 



_2p_ 



g-3+2(p-l)(l-^) 



[12] and [19] 
E] 

m 
m 

m 



Note that the new estimate for the constant C2 comes from two recent improve- 
ments. First, one knows from Table 1 in [19 that /i2(^) < 22n for 2 < n < 7 since 
M2("-) < 22 for such integers n. Moreover, applying the bound /i2("-) < ^"- + ^ 
obtained in [12J, one gets ^^{n) < I ^ + 21^8 ) "" — "^^^ ^'^'" '^ — 8. Note also that 
the upper bounds obtained in [8] and [7] are obtained by using the mistaken state- 
ments of I. Shparlinsky, M. Tsfasman and S. Vladut [29] mentioned in the above 
section 13.1.31 Consequently, these bounds are not proved and unfortunatly they 
can not be repaired easily. However, certain not yet published results recently due 
to H. Randriambololona concerning the geometry of Riemann-Roch spaces might 
enable to repair them in certain cases. 

3.2.3. Some exact values for the bilinear complexity. Applying the D.V. and G.V. 
Chudnovsky algorithm with well fitted elliptic curves, ShokroUahi has shown in |28] 
that: 

Theorem 3.11. The bilinear complexity ^iq{n) of the multiplication in the finite 
extention ¥qn of the finite field Fg is equal to 2n for 



(2) 



-q + l<n<-{q + l + eiq)) 



where e is the function defined by 



the greatest integer < I^Jq prime to q, if q is not a perfect square 
2^/9, if q is a perfect square. 
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We still do not know if the converse is true. More precisely the question is: 
suppose that fiq{n) — 2n, are the inequalities ([2]) true? 

However, for computational use, it is helpful to keep in mind some particu- 
lar exact values for fJ.q{n), such as fiq(2) = 3 for any prime power q, /i2(4) = 9, 
/i4(4) = M5(4) = 8 or ^^2(2'^') = 15 [20j. 

4. New results for ^J,q{n) 

4.1. Towers of algebraic function fields. In this section, we introduce some 
towers of algebraic function fields. Theorem 13.91 applied to the algebraic function 
fields of these towers gives us bounds for the bilinear complexity. A given curve 
cannot permit to multiply in every extension of F^, just for n lower than some 
value. With a tower of function fields we can adapt the curve to the degree of 
the extension. The important point to note here is that in order to obtain a well 
adapted curve it will be desirable to have a tower for which the quotients of two 
consecutive genus are as small as possible, namely a dense tower. 

For any algebraic function field F/¥q defined over the finite field ¥q, we denote 
by g{F/¥q) the genus of F/¥q and by Nk{F/¥q) the number of places of degree k 

in F/¥q. 

4.1.1. Garcia- Stichtenoth tower of Artin-Schreier algebraic function field exten- 
sions. We present now a modified Garcia-Stichtenoth's tower (cf. [53], [S], |13j l 
having good properties. Let us consider a finite field Fg2 with q = p^ > S and r an 
odd integer. Let us consider the Garcia-Stichtenoth's elementary abelian tower Ti 
over ¥q2 constructed in [23J and defined by the sequence (Fq, Fi,F2, . . .) where 

Fk+i ■= Fk{zk+i) 

and Zk+i satisfies the equation: 

Q I </+l 

4+1 + zk+1 ^ 4 

with 

Xk := Zk/xk-i in Fk{for k > 1). 
¥q2{xo) is the rational function field over ¥q2 and Fi the Hermitian 
function field over ¥q2 . Let us denote by gk the genus of Fk , we recall the following 

1 - q^ - 2q^ +1 if fc = 1 mod 2, 

"^ - i(7^+^ - |q^ -q^"^ + 1 iffc = mod 2. 

Let us consider the completed Garcia-Stichtenoth tower 

T2 = Fofi C _Fo,i C . . . C FQ,r C Fifi C Fi^i C . . . C Fi^r ■ ■ ■ 

considered in ^ such that Fk C Fk^s ^ Fk+i for any integer s S {0, . . . ,r}, with 
Fk,o = Fk and Fk^r — ^fe+i- Recall that each extension Fk^s/Fk is Galois of degree 
p" with full constant field ¥^2 . Now, we consider the tower studied in [T3] 

T3 = Geo Q Go,i c . . . c Go,r Q Gifl c G14 c . . . c Gi^r ■ ■ ■ 

defined over the constant field F^ and related to the tower T2 by 

Fk.s — Fq2 Gfe.s for all k and s, 

namely ¥k,s/¥q2 is the constant field extension of Gk,s/¥q. Note that the tower T3 
is well defined by [T3] and [TT]. Moreover, we have the following result: 
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Proposition 4.1. Let q = p^ > ^ be a prime power. For all integers k > 1 and 
s S {0, . . . ,r}, there exists a step Fk,s/^q^ (respectively Gk.s/^q) with genus gk,s 
and Nk^s places of degree 1 in Fk,s/^q^ (respectively N^^s places of degree 1 and 2 
in Gk,s/^q with places of degree 2 being counted twice) such that: 

(1) Fk C Fk^s ^ Fk+i, where we set Fk^ = Fu and F^^r = F^+i, 
(respectively Gk ^ Gk,s ^ Gk+i, where we set Gkfl = Gk and Gk.r — Gk+i), 

(2) {gk - l)p' + 1 < gk.s < f^ + 1, 

(3) Nk,s > {q^ - l)q'''^p' ■ 

4.1.2. Garcia- Stichtenoth tower of Kummer function field extensions. In this sec- 
tion we present a Garcia-Sticlitenotli's tower (cf. [9]) having good properties. Let 
Fg be a finite field of characteristic p > 3. Let us consider the tower T over Fg 
which is defined recursively by the following equation, studied in |24| : 

2 _ X^ + 1 

^ ~ 2x ' 

The tower T/¥q is represented by the sequence of function fields {Hq, Hi,H2, ...) 
where H^ = Fg(xo,Xi, ...,x„) and xf^-^ = {x^ + l)/2xi holds for each i > 0. Note 
that Hq is the rational function field. For any prime number p > 3, the tower 
T/Fp2 is asymptotically optimal over the field Fp2 , i.e. T/¥p2 reaches the Drinfeld- 
Vladut bound. Moreover, for any integer fc, Hk/¥p2 is the constant field extension 
offffc/Fp. 

From ^, we know that the genus g{Hk) of the step Hk is given by: 

,,, ,„ , f 2*^+1 -3-2t +1 iffc = mod 2, 

^^^ 9^^'^-\ 2^^+1-2.2^ + 1 iffc^l mod2. 

and that the following bounds hold for the number of rational places in Hk over 
Fp2 and for the number of places of degree 1 and 2 over F^: 

(5) N,{Hk/¥p.)>2''+\p-l) 
and 

(6) N^[Hk/¥p) + 2N2iHk/¥p) > 2'^+i(p- 1). 

From the existence of this tower, we can obtain the following proposition (9]: 

Proposition 4.2. Let p be a prime number > 5. Then for any integer n > 
^{p + 1 + e{p)) where e(p) is defined as in Theorem ] 3. Ill 

1) there exists an algebraic function field Hk/¥p2 of genus g{Hk/¥p2) such that 
2g{Hk/¥p2) + 1 < p^-\p ~ 1) and Ni{Hk/¥p2) > 2n + 2g{Hk/¥p2) - 2, 

2) there exists an algebraic function field Hk/¥p of genus g{Hk/¥p) such that 
2g{Hk/¥p) + l<p^{pi~l) and Ni{Hk/¥p)+2N2{Hk/¥p) > 2n+2g{Hk/¥p)- 
2 and containing a non-special divisor of degree g{Hk/¥p) — 1. 

4.2. Some preliminary results. Here we establish some technical results about 
genus and number of places of each step of the towers r2/Fg2, Ta/Fg, T/¥p2 and 
T/¥p defined in Section 14711 These results will allow us to determine a suitable step 
of the tower to apply the algorithm on. 
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4.2.1. About the Garcia- Stichtenoth's tower. In this section, q :— p'' is a power of 
the prime p. 

Lemma 4.3. Let q > S. We have the following bounds for the genus of each step 
of the towers T2/¥q2 and T^/Wq: 

i) 9k > q'^ for all k > 4, 

a) 9k < q'^^Hq + 'i^) - y/qq^ , 

i'^i) 9k, s < q^^^{q + ^)p^ for all k > and s = 0, . . . ,r, 
iv) gk,s < '?'°(g+i^7_'?7(g-i) for allk>2 ands = 0,...,r. 

Proof, i) According to Formula ^, we know that if A; = 1 mod 2, then 

gk = q +q - q^~ - Sg^ + 1 = q'^ + q^^ {q^~ - g - 2) + l. 

k — 1 , 

Since q > 3 and /c > 4, we have q~2- — ^ _ 2 > 0, thus gk > q . 
Else if A: = mod 2, then 

5fc = r + g^ - 2* 2^' "'^' ' + 1 = 9^ + 9^ (g^ - 2^ - 2«-i) + i- 

Since g > 3 and /c > 4, we have q'^ — ig^ — |(7 — 1 > 0, thus g^ > q''- 

a) It follows from Formula ^ since for all fc > 1 we have 2g~2- > l which works 
out for odd k cases and ^q^ + q^^^ > 1 which works out for even k cases, since 

hq>V^- 

Hi) If s = r, then according to Formula ([3]), we have 

9k,s = 9k+i < q""^^ +q'" = q^'\q + l)p" ■ 

Else, s < r and Proposition l4. II savs that gk.s < ^^1^ + 1- Moreover, since g^~ > q 

and \q'^ ^^ > 9, we obtain gk+i < q'^^^ + q*' — q+ \ from Formula Q. Thus, we 
get 

gfc+l + gfc - g + 1 
ffM < —s + 1 

= q^-\q+l)p'' ~p' +P'-'' + 1 

< q^-\q + l)p'+p'-'' 

< q''^\q + l)p' since < p''"' < 1 and gk,s e N. 

iv) It follows from ii) since Proposition 14.11 gives gk.s < %^ + 1, so 

k fc + 1 

5'fe^s < ^--^^ — T^T^ h 1 which gives the result since p^^'^ < q^ for all fc > 2. D 

Lemma 4.4. Let q > 3 and fc > 4. M^e set A^fc^^ :— gk,s+i — gk,s and Dk,s '■= {p — l)p^q^ 
and denote Mk,s := iVi(Ffe,s/F,2) = Ni{Gk,s/iq) + 2N2{Gk,s/Vq). One has: 

(i) Agk,s > Dk,s, 
(ii) Mk,s > Dk,s- 

Proof, (i) From Hurwitz Genus Formula, one has gk,s+i ^ 1 > p{9k,s — 1), so 
gk, s+i — gk,s ^ (p — l)(5fc,s — !)■ Applying s more times Hurwitz Genus Formula, 
we get gk,.s+i - gk,s >{p- l)p'* (giGk) - l) • Thus gk,s+i - gk,s >{p~ l)^''?'', from 
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Lemma l473l i) since q > 3 and fc > 4. 

(ii) According to Proposition 14. !( one has 

Mk,s > iq^-l)q''-'p' 

= {q + l){q-l)q''-'f 

> b-i)<zV- 

D 

Lemma 4.5. Let Mt^s :- Ni{Fk^sl^q^) - A^i(Gfc.,/Fg) + 2Af2(Gfc,./F,). For all 
fc > 1 and s = 0, . . . , r, we have 

sup {n e N I 2n < A'h^s - 2gk,s + l} > ^{q + l)q''-^p%q - 3). 
Proof. From Proposition 14. II and Lemma [4.31 iii). we get 

Mk,s - 2gk,s + 1 > (q^- l)q''-'p' - 2q''-'{q + l)p' + 1 
= (g+l)g'=-V((g-l)-2) + l 
> (g+l)g'^-V(g-3) 
thus we have sup {n G N | 2n < Mk.s - 2gk,s + 1} > ^^^^P^iq + 1)('7 - 3). D 

4.2.2. About the Garcia-Stichtenoth-Ruck's tower. In this section, p is an odd prime. 
We denote by gu the genus of the step Hu and we fix Nk := Ni{Hk/¥p2) = 
Ni{Hk/Vp) + 2N2{Hk/Vp). The fohowing lemma is straightforward according to 
Formulae (g]) and ^■. 

Lemma 4.6. These two bounds hold for the genus of each step of the towers T/¥p2 
and T/Wp.- 

i) 9k < 2^=+! -2-2^+1, 
It) gk <2'=+i. 

Lemma 4.7. For all k > 0, we set Agk := gk+i — gk- Then one has 

iVfe> A5fc>2'=+i-2^. 

Proof. If fc is even then Agk = 2*-'+^ - 2^ , else A^fc = 2*=+^ - 2t~ so the 
second equality holds trivially. Moreover, since p > 3, the first one follows from 
Bounds (P and ^ which gives Nk > 2''+^. D 

Lemma 4.8. Let Llk be a step of one of the towers T/¥p2 or T/¥p. One has: 

sup {neN\Nk>2n + 2gk~l} > 2''{p - 3) + 2. 

Proof. From Bounds ([5]) and ([6]) for Nk and Lemma l4!6l i) . we get 

Nk-2gk + l > 2'=+i(p-l)-2(2'=+i -2-2^ + 1) + 1 
= 2''+i(p-3)+4-2T--l 
> 2''+i(p-3)+4since fc> 0. 

D 
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4.3. General results for iJ.q{n). In [Tn|, Ballet and Le Brigand proved the follow- 
ing useful result: 

Theorem 4.9. Let F/¥q be an algebraic function field of genus g > 2. If q > 4, 
then there exists a non-special divisor of degree 5 — 1 . 

The four following lemmas prove the existence of a "good" step of the towers 
defined in Section 14.11 that is to say a step that will be optimal for the bilinear 
complexity of multiplication: 

Lemma 4.10. Let n > ^ (q^ + 1 + f{q'^)) be an integer. If q — p^ > 4, then there 
exists a step Fk.s/^q^ of the tower T2/¥g2 such that all the three following conditions 
are verified: 

(1) there exists a non-special divisor of degree gk.s — 1 in Fk^s/^q'^, 

(2) there exists a place of Fk^s/Vq2 of degree n, 

(3) Ni{Fk,s/^q^) >2n + 2gk,s - 1- 

Moreover, the first step for which both Conditions (2) and (3) are verified is the 
first step for which (3) is verified. 

Proof. Note that n > 9 since q>A and n>\{q'^ + l)> 8.5. Fix 1 < A: < n~A 
and s G {0, . . . , r}. First, we prove that Condition (2) is verified. Lemma [4.31 iv) 
gives: 

pr s 
= 2p'(q''-\q+l)-qi'^^\+\ 



(7) < 2g'^-y(g+l) since 2^"?*^^ — ^->l 

q 

< ^q'iq^-l). 

On the other hand, one has n— l>fc + 3>fc+|+2so n— 1 > logg(g'^)-|-log^(2)-|- 
\ogg{q-\-l). This gives g"-i > 2q''{q + 1), hence ^"-^(g- 1) > 2q''{q'^ - 1). There- 
fore, one has 2gk,s + 1 < q"^^{q — 1) which ensure us that Condition (2) is satisfied 
according to Corollary 5.2.10 in [30J. 

Now suppose also that k > log„ (^) -I- 1. Note that for all rt > 9 there exists 
such an integer k since the size of the interval [log„ (^) -1-1, n — 4] is bigger than 
9 — 4 — log4 (%^) — 1 > 3 > 1. Moreover such an integer k verifies q'^"^ > |n, so 
n < ^q'^^^iq + l){q — 3) since q > i. Then one has 

2n -I- 2gk,s - 1 < 2n + 2gk^s + 1 

< 2n + 2q''^"V('7 + l) according to dll) 

< q^-\q + l){q-i) + 2q^-^p\q + l) 

< g'=-y(<z + l)(g-l) 
= (g2-l)g'=-V 

which gives Ni{Fk^s/^q'^) > 2n + 2gk,s — 1 according to Proposition l4.1l f3). Hence, 
for any integer k e [log^ (^) -\- l,n — 4], Conditions (2) and (3) are satisfied and 
the smallest integer k for which they are both satisfied is the smallest integer k for 
which Condition (3) is satisfied. 
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To conclude, remark that for such an integer fc, Condition (1) is easily verified from 
Theorem 14.91 since g > 4 and gk,s > 92 > G according to Formula ([3]). 

D 
This is a similar result for the tower T^/Wg-. 

Lemma 4.11. Let n > i (g + 1 + e{q)) be an integer. If q = p'' > 4, then there 
exists a step Gk,s/^q of the tower T^/Wq such that all the three following conditions 
are verified: 

(1) there exists a non-special divisor of degree gk,s — 1 in Gk.s/^q, 

(2) there exists a place of Gk.s/^q of degree n, 

(3) iVi(Gfe^,/F,) + 2N2{Gkj¥q) >2n + 2gk,s - 1. 

Moreover, the first step for which both Conditions (2) and (3) are verified is the 
first step for which (3) is verified. 

Proof. Note that n > 5 since g > 4, e{q) > e(4) = 4 and n > ^{q + I + e{q)) > 4.5. 
First, we focus on the case n > 13. Fix 1 < A: < ^^^ and s G {0, . . . , r}. One has 
2p'*q'^^^ < 9~2~ since 

^^— >fc + 3 = fc-- + l + l + -> loggCg'^-^) + log,(4) + log^ip') + loggiq + 1). 



Hence 2p^q*'{q + 1) < q~^^ (y/q — 1) since -^ < y/q — 1 ioi q > 4. According to ([7]) 
in the previous proof, this proves that Condition (2) is satisfied. 
The same reasoning as in the previous proof shows that Condition (3) is also satisfied 
as soon as A; > log^ (^) + 1. Moreover, for 7i > 13, the interval [log^ (^) + 1, ^^] 
contains at least one integer and the smallest integer k in this interval is the smallest 
integer k for which Condition (3) is verified. Furthermore, for such an integer k, 
Condition (1) is easily verified from Theorem 14.91 since q > 4 and gk.s > 52 > 6 
according to Formula ^ . 

To complete the proof, we want to focus on the case 5 < n < 12. For this 
case, we have to look at the values oi q — p^ and n for which we have both 
n > -^ {q + 1 + £(?)) and 5 < n < 12. For each value of n such that these two in- 
equalities are satisfied, we have to check that Conditions (1), (2) and (3) are verified. 
In this aim, we use the KASH packages [^ to compute the genus and number of 
places of degree 1 and 2 of the first steps of the tower T^/Wg. Thus we determine 
the first step Gk,s/^q that satisfied all the three Conditions (1), (2) and (3). We 
resume our results in the following table: 



q = p'' 


2^ 


2-^ 


3^ 


e{q) 


4 


5 


6 


i(q + l + 6(g)) 


4.5 


7 


8 


n to be considered 


5 <n < 12 


7< n < 12 


8 < n< 12 


(fc,s) 


(1,1) 


(1,1) 


(1,1) 


Nl{Gk,s/¥q) 


5 


9 


10 


N2{Gk,s/¥q) 


14 


124 


117 


r{Gk,s/¥q) 


15 


117 


113 


gk.s 


2 


12 


9 


2.9fc,s + 1 


5 


25 


19 


q - (V9-l)>--- 


16 


936 


4374 
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q = p'' 


5 


7 


11 


13 


e{q) 


4 


5 


6 


7 


^(9+l + e('7)) 


5 


6.5 


9 


10.5 


n to be considered 


5 < n< 12 


7< n< 12 


9 < n < 12 


ll<n< 12 


(fc,s) 


(2,0) 


(2,0) 


(2,0) 


(2,0) 


N,{Gk,s/¥,) 


6 


8 


12 


14 


N2{Gk,sl^q) 


60 


168 


660 


1092 


r(Gfe,,/F,) 


53 


151.5 


611.5 


1021.5 


9k.s 


10 


21 


55 


78 


2.9fc,. + 1 


21 


43 


11 


157 


q - (V9-l)>--- 


30 


564 


33917 


967422 



In this table, one can check that for each value of q and n to be considered and 
every corresponding step Gk,s/^q one has simultaneously: 

• gk,s > 2 so Condition (1) is verified according to Theorem 14. 9[ 

• 2gk,s + 1 < q'^^{\fq^ 1) so Condition (2) is verified. 

• r(Gfe,3/F,) := i (iVi(Gfc,,/Fg) + 2iV2(Gfe,,/F,) - 2.9^,, + 1) > ?i so Condi- 
tion (3) is verified. 

D 
This is a similar result for the tower T/Fp2: 

Lemma 4.12. Let p > 5 and n > ^ {p^ + 1 + e(p^)) . There exists a step i/j./Fp2 
of the tower T/¥p2 such that the three following conditions are verified: 

(1) there exists a non-special divisor of degree g^ — 1 in Hk/¥p2, 

(2) there exists a place of Hk/¥p2 of degree n, 

(3) N^{Hk/¥p2)>2n + 2gk-l. 

Moreover the first step for which all the three conditions are verified is the first step 
for which (3) is verified. 

Proof. Note that n > ^{5'^ + 1 + 6(5^)) = 18. We first prove that for aU inte- 
gers k such that 2 < /c < n — 2, we have 2gk + 1 < p"^^(p — 1) , so Condition (2) 
is verified according to Corollary 5.2.10 in [31]. Indeed, for such an integer fc, since 
p > 5 one has k < log^ip"''^) < log^ip"'^ - 1), thus k + 2 < logj (4(p"-i - 1)) < 
log2(4p"-i-l) and it follows that 2*^+2 + 1< 4p"-i. Hence 2 • 2*^+1 + 1 < p"^i(p - 1) 
since p > 5, which gives the result according to Lemma l4!6l ii) . 
We prove now that for /c > log2(2n — 1) — 2, Condition (3) is verified. Indeed, 
for such an integer k, we have k + 2 > log2(2n — 1), so 2*^+^ > 2?! — 1. Hence 
we get 2*^+3 >2n + 2^+'^ - 1 and so 2''+'^{p - 1) > 2^+^ • 4 > 2n + 2*^+2 - 1 since 
p > 5. Thus we have Ni{Hk/¥p2) >2n + 2gk — 1 according to Bound ([5]) and 
Lemma 14.61 ii) . 

Hence, we have proved that for any integers n > 18 and k > 2 such that 
log2(2n — 1) — 2<fc<n — 2, both Conditions (2) and (3) are verified. More- 
over, note that for any n > 18, there exists an integer fc > 2 in the interval 
[log2(2n - 1) - 2; n - 2] . Indeed, log2(2 • 18 - 1) - 2 ~ 3.12 > 2 and the size of 
this interval increases with n and is greater than 1 for n = 18. To conclude, remark 
that for such an integer fc. Condition (1) is easily verified from Theorem 14.91 since 
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p^ > 4 and 5fc > 52 = 3 according to Formula ([4]). 

D 
This is a similar result for the tower T/Fpi 

Lemma 4.13. Let p > 5 and n > ^ {p + I + e(p)). There exists a step Hk/¥,p of 
the tower T/¥p such that the three following conditions are verified: 

(1) there exists a non-special divisor of degree gfc — 1 in H]^/¥p, 

(2) there exists a place of H^/Vp of degree n, 

(3) Ni{Hk/¥p) + 2Ni{Hk/Vp) > 2n + 2gk - 1. 

Moreover the first step for which all the three conditions are verified is the first step 
for which (3) is verified. 

Proof. Note that n> i(5 + 1 + e(5)) = 5. We first prove that for all integers k 

such that 2 < fc < n — 3, we have 2gk + 1 < p~2~ (y'p — 1), so Condition (2) is veri- 
fied according to Corollary 5.2.10 in [5T]. Indeed, for such an integer k. since p > 5 
and rt > 5 one has log2(p^^ ^ 1) > log2(5^^ ^ 1) > log2(2"'~^) = n — 1. Thus 
A: + 2<n— 1< log2(p^^ — 1) and it follows from Lemma 14.61 ii) that 
2gk + 1 < 2*^+^ + 1 < p^^ < p^i~ {y/p — 1); which gives the result. 
The same reasoning as in the previous proof shows that Condition (3) is also satisfied 
as soon as k > log2(2n — 1) — 2. Hence, we have proved that for any integers n > 5 
and k > 2 such that log2(2n — 1) — 2<fc<n — 3, both Conditions (2) and (3) are 
verified. Moreover, note that the size of the interval [log2(2n — 1) — 2; n — 3] in- 
creases with n and that for any n > 5, this interval contains at least one integer 
k > 2. To conclude, remark that for such an integer k, Condition (1) is easily 
verified from Theorem 14.91 since p > 4 and 5fc > 52 = 3 according to Formula Q . 

D 
Now we establish general bounds for the bilinear complexity of multiplication by 
using derivative evaluations on places of degree one (respectively places of degree 
one and two). 

Theorem 4.14. Let q be a prime power and n > I be an integer. If there exists an 
algebraic function field F/¥q of genus g with N places of degree 1 and an integer 
< a < N such that 
(i) there exists TZ, a non-special divisor of degree g — 1, 

(ii) there exists Q, a place of degree n, 

(Hi) N + a>2n + 2g-l. 

Then 

Mg("-) <2n + g — 1 + a. 

Proof. Let V :— {Pi, . . . , P/v} be a set of A^ places of degree 1 and V be 
a subset of V with cardinal number a. According to Lemma 2.7 in [12J, we can 
choose an effectif divisor T) equivalent to Q -{-TZ such that supp(2?) n 7^ = 0. We 
define the maps Evq and Ev-p as in Theorem 13.61 with u^ = 2 if P; e V and 
Mj = 1 if Pi e V\V'. Then Evq is bijective, since ker£:i;Q = C{V - Q) with 
dim(2? -Q) = dim(i?) = and dim(im£;uQ) = dimP = degP - 5 + 1 -f- i{V) > n 
according to Riemann-Roch Theorem. Thus dini(im_Bi;Q) = n. Moreover, Ev-p 

is injective. Indeed, ker Evp — £(22? — X)i=i ^i^O with deg(2I? — X)i=i "i^O — 
2{n-\-g-l)-N-a < 0. Furthermore, one hasikEvp = dim(2I?) = deg(2X') -5-I- 
1-^(21?), and 1(21?) = since 2V>V>TZ with i(7^) = 0. So rkEvv = 2n + g - I, 
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and we can extract a subset Vi from V and a subset V'l from V' with cardinal 
number A'^i < N and ai < a, such that: 

• iVi +ai = 2n + .g - 1, 

• the map Ev-p^ defined as Ev-p with Ui — 2 if Pi (z V'l and w^ = 1 if 
Pi G 'Pi\'P{, is injective. 

According to Theorem 13.61 this leads to Hq{n) < iVi + 2ai < Ni + ai + a which 
gives the result. D 

Theorem 4.15. Let q be a prime power and n > 1 be an integer. If there exists 
an algebraic function field F/¥q of genus g with Ni places of degree 1, N2 places 
of degree 2 and two integers < ai < A^i, < 02 < N2 such that 

(i) there exists TZ, a non-special divisor of degree g — 1, 
(ii) there exists Q, a place of degree n, 
(Hi) TVi + ai + 2{N2 + 02) > 2n + 25 - 1. 

Then 

f-qin) < 2n + g + N2 + ai + 4a2 

and 

Hq{n) <3n+ -g+ — + 802. 

Proof. Let Vi :— {Pi,. . . ,Pni} be a set of Ni places of degree 1 and V'l be 
a subset of Vi with cardinal number ai. Let V2 '■= {Qi, ■ ■ ■ , QN2} be a set of N2 
places of degree 2 and 7^2 be a subset of 7^2 with cardinal number 02. According to 
Lemma 2.7 in [12], we can choose an effectif divisor V equivalent to Q + TZ such that 
supp(X') n {Pi UP2) = 0. We define the maps Evq and Ev-p as in Theorem 13.61 
with u^ ^2[i P^ eP[U P2 and u, = 1 if P,; e iPi\Pi) U {P2\P'2)- Then the same 
raisoning as in the previous proof shows that Evq is bijective. Moreover, Evp 
is injective. Indeed, 'kei Ev-p = £(22? — X]i=i '^iPi) with deg(2I? — X]i=i "^iPi) — 
2{n + g - 1) - (A^i + ai + 2(A^2 + 02)) < 0. Furthermore, one has rk Evp = 
dim(2X') = dcg(2X') - .g + 1 + 1(21?), and 1(21?) = since 2V > V > TZ with 
i{TZ) = 0. So rk Evp — 2n + g — I, and we can extract a subset Pi from Pi, a 
subset P'l from P'l, a subset P2 from P2 and a subset P2 from T'j with respective 
cardinal numbers iVi < Ni, oi < ai, A'2 < -/V2 and 02 < 02, such that: 

• 2n + g>Ni+ai + 2{N2 + 02) > 2n + 5 - 1, 

• the map Evp defined as Evp with Ui = 2 ii Pi E P[\J P2 and u; = 1 if 
{PiXP'i) U {P2\V2), is injective. 

According to Theorem 13.61 this leads to fiq{n) < Ni + 2ai + 3{N2 + 202) since 
Mk{2) < 3 for all prime power k. Hence, one has the first result since 
Ni + di + 2{N2 + 02) < 2n + g and the second one since ^ + N2 + 0,2 < ^ + n. 

a 

4.4. New upper bounds for iiq{n). Here, we give a detailed proof of Bound (i) 
of Theorem 13.81 and we give an improvement of Bound (ii). Moreover, we correct 
the bound for /ip2 (n) given in [IJ and ameliorate the unproved bound for ^ip{n). 
Namely, we prove: 
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Theorem 4.16. Let q = p'' > A be a power of the prime p. Then 

(i) Ifq^p->A, then fi,2 (n) < 2 (^1 + —-^-^^^—^'j n, 



(n) Ifq=p''>'i, then //g(n) < 3 ( 1 + - 

(in) Ifp>5, then iip2{n) < 2 I ] 
(iv) If p> 5, then iJ,p{n) < 3 I 1 



2 

Proof. 

(i) Let n > ^(g^ + 1 + e((?^))- Otherwise, we already know from Theorems 12.21 
and 13.111 that ij,g2 (n) < 2n. According to Lemma 14.101 there exists a step of 
the tower T2/¥q2 on which we can apply Theorem 14.141 with a = 0. We denote 
by i^fc,s+i/IFg2 the first step of the tower that suits the hypothesis of Theorem 
14. 141 with a = 0, i.e. k and s are integers such that Nk,s+i > 2n + 2gk.s+i — 1 
and Nk,s < 2n + 2gk,s - 1, where Nk,s ■= A^i(i^fe,s/F,2) and gk := g{Fk,s)- We 
denote by tt-q'* the biggest integer such that Nk^s > Sng'** + 2gk,s — 1, i-e. 
Uq'" — sup |n g N I 2n < Nk.s ~ 2gk^s + l}- To perform multiplication in Fg2n , 
we have the following alternative: 

(a) use the algorithm on the step Fk^s+i- Li this case, a bound for the bilinear 
complexity is given by Theorem 14. 141 applied with a — 0: 

Hq2{n) <2n + gk,s+i - I = 2n + gu.s - 1 + ^gk,s- 

(Recall that l^gk.s ■= 9k,s+i - Qk.s) 

(b) use the algorithm on the step Fk^s with an appropriate number of deriv- 
ative evaluations. Let a :— 2{n — Kq'^) and suppose that a < Nk.s- Then 
Nk.s > 2riQ''* + 2gk^s — 1 implies that Nk^s + a > 2n + 2gk^s — 1 so Condi- 
tion (iii) of Theorem 14.141 is satisfied. Thus, we can perform a derivative 
evaluations in the algorithm using the step Fk.s and we have: 

^iq2 (n) <2n + gk,s ~ I + a. 

Thus, if a < Nk^s Case (b) gives a better bound as soon as a < l^gk,s- Since 
we have from Lemma l44l both Nk.s > F>k.s and Agt ^ > Dk^s, if a < Dk^s then 
we can perform a derivative evaluations on places of degree 1 in the step Fk^s 
and Case (b) gives a better bound then Case (a). 

For X e R+ such that Nk^s+i > 2[x] + 2gk,s+i - 1 and Nk,s < 2[x] + 2gk,s - 1, 
we define the function ^k.s{x) as follow: 

^ks{x) = [ '^^ + 9k,s~l + 2{x~nl''') \i2{x-nl''') <Dk,s 
1 2x -I- gk,s+i ~ 1 else. 

We define the function $ for all a; > as the minimum of the functions ^k,s 
for which x is in the domain of ^k,s- This function is piecewise linear with 
two kinds of piece: those which have slope 2 and those which have slope 4. 
Moreover, since the y-intercept of each piece grows with k and s, the graph 
of the function $ lies below any straight line that lies above all the points 
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(np '^ H 1^1 ^{"''^a'^ ^ 1^))' since these are the vertices of the graph. Let 

X := n'^'" + ^, then 



$(X) < 2X + gk,s+i-l 
< 2X + gk.s+i 

We want to give a bound for ^(X) which is independent of k and s. 
Recall that Dk.s '■— [p — ^)p^<l^ , and 



K^' > q' 


V(g + l)(q-3) byLemma|45| 


and 




9k,s+i < q'" 


\q + 1)^"+^ by Lemma 113] (iii). 


So we have 




9k,s+l 


.9fe,s+i 


2X 


24'' + Dk^s 


<" 


g'=-i(q + iy+i 




qk~ips^q + i)(g _ 3) + (p _ i^psqk 




q^-\q+l)p'p 




qk-^{q + l)ps[q-i+{p-l)^"^ 




P 



(q-3) + (p-l)^ 

Thus, the graph of the function $ lies below the line i/ = 2 (1 + , z)]^ i) '' 
In particular, we get 

$(n)<2(l' ^ '" 



(g-3) + (p-l) 



9+1, 



(ii) Let n > i(g + 1 + e(g)). Otherwise, we already know from Theorems 
and 13.111 that pLq{n) < 2n. According to Lemma [4.111 there exists a step of 
the tower Tij/F^ on which we can apply Theorem 14.151 with ai — a2 = 0. 
We denote by Gk,s+i/Pq the first step of the tower that suits the hypoth- 
esis of Theorem 14.151 with ai — a2 = 0, i.e. k and s are integers such that 
Nk,s+i > 2n + 2gk^s+i - 1 and Nk,s < 2n + 2gk^s - 1, where 

Nk,s := iVi(Gfe,,/F,) + 2N2{Gk^J¥g) and .g^^, := g{Gk,s)- We denote by n'^^-' 
the biggest integer such that Nk,s > ^.tlq'^ + 2gk^s — 1, i-e. 
Uq'^ — sup |n e N I 2n < Nk.s — 2gk^s + l}- To perform multiplication in Fgn, 
we have the following alternative: 

(a) use the algorithm on the step Gk.s+i ■ In this case, a bound for the bilinear 
complexity is given by Theorem 14. 151 applied with ai = 02 = 0: 

Pq{n) <3n+ -gk.s+i = 3^0''' + -gk,s + 3(n - jig^") + -Agk,s- 

(b) use the algorithm on the step Gk,s with an appropriate number of deriva- 
tive evaluations. Let ai + 2a2 '■= 2(n — Kg'*) and suppose that ai + 2a2 < Nk^s 
Then Nk^s > ^nQ^"^ + 2gk,s — 1 implies that Nk,s + ai -I- 2a2 >2n~\- 2gk,s — 1- 
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Thus we can perform ai +a2 derivative evaluations in the algorithm using 
the step Gk,s and we have: 

/Zq(n) < 3n + -gk,s + -^(01 + 202) = Suq'" + -gu^s + 6(n - ng'""). 

Thus, if ai+2a2 < N^^s Case (b) gives a better bound as soon as n — tiq'^ < jA^fc 
Since we have from Lemma 14.41 both Nk^s > ^fc,s and iA^fc.s > ^Dk^s, if 
ai + 2a2 < Dk^s, i-e. n — Uq'* < 2^k.s, then we can perform ai derivative 
evaluations on places of degree 1 and 02 derivative evaluations on places of 
degree 2 in the step Gk^s and Case (b) gives a better bound then Case (a). 
For X e M+ such that 7Vfe,s+i > 2[a;] + 2gk,s+i - 1 and Nk,s < 2[x] + 2gk^s - 1, 
we define the function ^k.s{x) as follow: 

{3a; + '^gk,s + 3(a; - n^'") if x - n^'" < -j^ 
3x + ^gk,s+i else. 

We define the function $ for all a; > as the minimum of the functions ^k.s 
for which x is in the domain of ^k,s- This function is piecewise linear with 
two kinds of piece: those which have slope 3 and those which have slope 6. 
Moreover, since the y- intercept of each piece grows with k and s, the graph 
of the function $ lies below any straight line that lies above all the points 



n, 



Dk.s ^/k 



— ,$(nQ''* H 1^)), since these are the vertices of the graph. Let 



"^ 2 '^V'O "T 2 



X := nl'" + %^, then 



$(X) < 3X + ^.gfc„ 



2- 
- 3(1 + ^|^')X 



(' 



We want to give a bound for $(^) which is independent of k and s. 
Recall that Du^s '■— (p — l)p''q'', and 



n-0 ^ 


ig^- y(g+l)(g-3) by Lemma |4.b| 


and 




5fc,s+i : 


< q^-'iq + l)p'+' by Lemma|4.3| (iii). 


So we have 




5fc,s+i _ 


9k,s+l 


2X 


2(nS- + %) 


< 


g'=-i(q + l)F'+^ 




2(ig'=-ip-(g + l){q - 3) + i(p- l)rg'=) 




g'=-i(<7 + l)p> 








(<7-3) + (p-l)-fT 
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Thus, the graph of the function $ hes below the hne y = 3 ( 1 + , _^\:Fi) 
In particular, we get 

P \ 



(iii) Let n > ^{p^ + 1 + e(p^)). Otherwise, we already know from Theorems 12.21 
and 13.111 that fip2 (n) < 2n. According to Lemma 14.121 there exists a step of 
the tower T/¥p2 on which we can apply Theorem 14. 141 with a = 0. We denote 
by Hk+i/¥p2 the first step of the tower that suits the hypothesis of Theo- 
rem l4.14] with a = 0, i.e. k is an integer such that A'^^+i > 2n + 2gk+i — 1 and 
Nk <2n + 2gk- I, where Nk := Ni{Hk/¥p2) and gk := g{Hk). We denote by 
Uq the biggest integer such that Nk > 2nQ + 2gk — 1, i.e. 
tiq = sup {n S N I 2n < Nk — 2gk + l}- To perform multiplication in Fp2n, we 
have the following alternative: 

(a) use the algorithm on the step Hk+i- In this case, a bound for the bilinear 
complexity is given by Theorem 14. 141 applied with a — 0: 

Hp2 {n) <2n + gk+i - 1 = 2n + gk - 1 + Agk,s- 

(Recall that Agk := gk+i - gk) 

(b) use the algorithm on the step Hk with an appropriate number of deriv- 
ative evaluations. Let a :— 2{n — rig) and suppose that a < Nk- Then 
Nk > 2nQ + 2gk — 1 implies that Nk + a>2n + 2gk — 1 so Condition (3) 
of Theorem 14.141 is satisfied. Thus, we can perform a derivative evalua- 
tions in the algorithm using the step Hk and we have: 

Ij,p2 (n) < 2n + gk - I + a. 

Thus, if a < Nk Case (b) gives a better bound as soon as a < Agk- For 
a; G R+ such that iV^+i > 2[a;] -f 2gk+i - 1 and Nk <2[x] + 2gk~ I, we define 
the function ^k{x) as follow: 

* r^^-/ 2x + gk-l + 2{x~n^o) if 2(a; - ng) < Ag^ 
''^ ' \ 2x + gk+i-l else. 

Note that when Case (b) gives a better bound, that is to say when 2{x — Uq) < Agk, 
then according to Lemma 14.71 we have also 

2{x - ng) < Nk 

so we can proceed as in Case (b) since there are enough rational places to use 
a = 2{x — tiq) derivative evaluations on. 

We define the function $ for all a; > as the minimum of the functions 
^k for which x is in the domain of $fc. This function is piecewise linear 
with two kinds of piece: those which have slope 2 and those which have 
slope 4. Moreover, since the y-intercept of each piece grows with fc, the 
graph of the function $ lies below any straight line that lies above all the 

points (tIq H — |^,$(riQ H f^)), since these are the vertices of the graph. 

Let X :==ng + ^, then 

^X) < 2X + gk+i-l<2(l + ^')x. 

We want to give a bound for ^{X) which is independent of k. 
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Lemmas 14.61 ii) , 14.71 and 14.81 give 



ff/c4 



< 



2fe+2 



2X " 2fe+i(p-3)+4 + 2'^-+i-2^ 

2fe+2 



2^+1 ((p- 


-3) + l + 2-* 
2 


P 


-2 + 2- 
2 


-fc+i-2-^ 


P 


33 
16 





fe+l 



< 

since — -i is the minimum of the function k i— > 2^*+^ — 2" 

16 

Thus, the graph of the function $ Hes below the hne y = 2 [l -\ — -^ ) x. In 
particular, we get 

^(n) < 2 ( 1 



p 33 
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(iv) Let n > ^{p + 1 + e{p)). Otherwise, we already know from Theorems 12.21 and 
13.111 that Hp{n) < 2n. According to Lemma [4.131 there exists a step of the 
tower T/Fp on which we can apply Theorem l4. 151 with oi = 02 = 0. We denote 
by Hk+i/^p the first step of the tower that suits the hypothesis of Theorem 
14.151 with ai — a2 ^ 0, i.e. k is an integer such that Nk+i > 2n + 2gk+i — 1 
and Nk<2n + 2gk - 1, where Nk := Ni{Hk/¥p) + 2N2{Hk/¥p) and gt := g{Hk). 
We denote by n§ the biggest integer such that Nk>2n^ + 2gk — l, i.e. 
Uq = sup {71 G N I 2?i < Nk — 2gk + l}- To perform multiplication in Fp>., we 
have the following alternative: 

(a) use the algorithm on the step Hk+i- In this case, a bound for the bilinear 
complexity is given by Theorem 14.151 applied with ai = a2 = 0: 

3 3 3 

^iq{n) < 3n + -fffc+i = 3ng + -g^ + 3(n - rig) + 2^5fc- 

(b) use the algorithm on the step Hk with an appropriate number of derivative 
evaluations. Let oi + 2a2 := 2(n — n^) and suppose that ai + 2a2 < Nk- 
Then Nk > 2n§ + 25fc - 1 implies that Nk + ai + 2a2 >2n + 2gk-l. Thus 
we can perform ai + 02 derivative evaluations in the algorithm using the 
step Hk and we have: 

3 3 3 

fip{n) <3n+ -gk + -(ai + 2a2) = 3n^ + -gk + 6{n - n%). 

Thus, if ai+2a2 < TVfe^s Case (b) gives abetter bound as soon as n — rip'* < \t^gk^s- 
For a; e M+ such that iV^+i > 2[a;] + 2gk+\ - 1 and Nk < 2[a::] + 2gk - 1, we 
define the function <I>fc(a;) as follow: 

r 32; + \gk + -iix -n%) \ix-nl<^ 

[ 3x + f 5fe+i else. 

Note that when Case (b) gives a better bound, that is to say when 2{x — tiq) < Af/fc, 
then according to Lemma l47fl we have also 

2{x - n^) < Nk 
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SO we can proceed as in Case (b) since there are enough places of degree 1 and 
2 to use ai + a2 = 2{x — tiq) derivative evaluations on. 

We define the function $ for all a; > as the minimum of the functions 
^k for which x is in the domain of $fe. This function is piecewise linear 
with two kinds of piece: those which have slope 3 and those which have 
slope 6. Moreover, since the y-intercept of each piece grows with fc, the 
graph of the function $ lies below any straight line that lies above all the 
points (tiq H — |^,$(n§ H — |^)), since these are the vertices of the graph. 
Let X :=ng + ^, then 

We want to give a bound for ^{X) which is independent of k. 
The same reasoning as in (iii) gives 

9k+i ^ 2 



2^ -p-i 

Thus, the graph of the function $ lies below the line y = 3 ( 1 + ^j'^ ) x. In 
particular, we get 

Hn) < 3 fl + -^33 



p- 



P 



16 



D 



4.5. New asymptotical upper bounds for Hqin). In this section, we give upper 
bounds for the asymptotical quantities niq and Mq which are defined above in 
Section 13.1.21 First, let us repair the two main mistaken statements (as well as 
their corollaries) due to I. Shparlinsky, M. Tsfasman and S. Vladut (Theorem 3.1 
and Theorem 3.9 in ^\) in the two following propositions. 

Proposition 4.17. Let q be a prime power such that A(q) > 2. Then 

1 



Proof. Let (Fg/Vq) be a sequence of algebraic function fields defined over 
¥q. Let us denote by gs the genus of Fs/¥q and by Ni{s) the number of places of 
degree 1 of Fs/¥q. Suppose that the sequence {Fs/¥q) was chosen such that: 

(1) lims^+oo.9s = +oo; 

(2) lim,^+o,^ = A(g). 

Let e be any real number such that < e < — ^ — 1. Let us define the following 
integer 

Nijs) - 2gs{l + e) 
2 
Let us remark that 

Ni{s)=g,A{q)+o{g,), 
so Niis) - 2(1 + e)gs = g, {A{q) - 2(1 + e)) + o(.g,). 
Then the following holds 

(1) there exists an integer sq such that for any s > sq the integer Ug is strictly 
positive; 
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(2) for any real number c such that < c < A{q) — 2(1 + e) there exists an 
integer si such that for any integer s > si the following holds: Ug > ^gs, 
hence n^ tends to +oo; 

(3) there exists an integer S2 such that for any integer s > S2 the following 

holds: 2gs + 1 < q^^~ [q^ — l) and consequently there exists a place of 

degree Us (cf. [30l Corollary 5.2.10 (c) p. 207] ). 

(4) the following inequality holds: Ni{s) > 2ns + 2gs — 2 and consequently, 
using Theorem 13.91 we conclude that fj,q{ns) < 2ns + gs — 1- 

Consequently, 

Us ~ Us ' 

2o, - 2 / 1 
m„ < 2 + hm — ^ ^ < 2 1 + -— ; 

«- s^+ooNi{s)-2{l + e)gs~2- \ ^(g) - 2(1 + e) 

This inequality is true for any e > sufficiently small. Then we obtain the result. 

D 

Corollary 4.18. Let q — p™ be a prime power such that 9 > 4. Then 

1 



m,.<2^1,^_3 

Note that this corollary lightly improves Theorem 13.21 Now in the case of arbi- 
trary q, we obtain: 

Corollary 4.19. For any q — p™ > 3, 



..,<3^1 + ^ 

Proof. For any q = p™ > 3, we have q^ — p^™ > 16 and thus Corollarv l4.18l 
gives mq2 < 2 ( 1 H — Kr 1 . Then, by Lemma [531 we have 

rUq < 171^2. Hq{2)/2 

which gives the result since /i<j(2) = 3 for any q. D 

Now, we are going to show that for Alq the same upper bound as for ruq can 
be proved though only in the case of q being an even power of a prime. However, 
we are going to prove that in the case of q being an odd power of a prime, the 
difference between the two bounds is very slight. 

Proposition 4.20. Let q — p™ be a prime power such that q > 4. Then 

1 



Mq2 < 2 I 1 



9- 

Proof. Let q — p™ be a prime power such that g > 4. Let us consider two 
cases. First, we suppose q ^ p. We know that for any real number e > and 
for any sufficiently large real number x, there exists a prime number l^ such that 
X < Ik < {1 + e)x. Now, without less of generality let us consider the characteristic 
p such that p ^ 11. Then it is known ([33] and [29]) that the curve Xk = Xoilllk), 
where Ik is the k-th prime number, has a genus gk = h and satisfies Ni{Xk{¥q2)) > 
{q — l){gk + 1) where Ni{Xk{¥q2)) denotes the number of rational points over Fq2 
of the curve Xk- Let us consider a sufficiently large n. There exist two consecutive 
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prime numbers Ik and Ik+i such that [p — l){lk+i + 1) > 2n + 2lk+i — 2 and 
{p — l)(/fc + 1) < 2n + 2/fc — 2. Let us consider the algebraic function field Fk+i/¥p2 
associated to the curve Xk+i of genus l^+i defined over Fp2. Let Ni{Fk/¥p2) be the 
number of places of degree i of Ffc/Fp2. Then Ni{Fk+i/Wp2) > [p — l)(/fc+i + 1) > 
2n + 2lk+i — 2. Moreover, it is known that Nn{Fk+i/Wp2) > for any integer n 
sufficiently large. We also know that Ik+i — h ^ Ij^^ for any integer k > ko where 
ko can be effectively determined by |2]- Then there exists a real number e > such 
that Ik+i — Ik — e'fc ^ ^k namely Ik+i < (1 + e)^fc- It is sufficient to choose e such 
that e/j,' '^ < 1. Consequently, for any integer n sufficiently large, this algebraic 
function field Fk+i/¥p2 satisfies Theorem 13.91 and so /ip2(n) < 2n + Ik+i — 1 < 
2n + (1 + e)lk - 1 with Ik < -^ - ^. Thus, as n — > +oo then Ik — > +oo and 

e — > 0, so we obtain Mp2 < 2 (l + ^ j . Note that for p = 11, Proposition 4.1.20 

in [33] enables us to obtain gk = Ik + 0(1). 

Now, let us study the more difficult case where q = p™ with m > 1. We use 
the Shimura curves as in [29,. Recall the construction of this good family. Let L 
be a totally real abelian over Q number field of degree m in which p is inert, thus 
the residue class field Ol/{p) of p, where Ol denotes the ring of integers of L, is 
isomorphic to the finite field Fg. Let p be a prime of L which does not divide p 
and let i? be a quaternion algebra for which 

B (g)Q M = Af2(K) «) H «)...«) H 

where H is the skew field of Hamilton quaternions. Let B be also unramified at 
any finite place if (to — 1) is even; let B be also unramified outside infinity and p 
if (to — 1) is odd. Then, over L one can define the Shimura curve by its complex 
points Xr(C) = F \ f), where \) is the Poincare upper half-plane and P is the group 
of units of a maximal order O oi B with totally positive norm modulo its center. 
Hence, the considered Shimura curve admits an integral model over L and it is 
well known that its reduction Xr,p(Fp2m) modulo p is good and is defined over 
the residue class field Ol/{p) of p, which is isomorphic to F^ since p is inert in 
L. Moreover, by [26j, the number A^i(Xr,p(Fq2)) of Fq2-points of Xr,p is such that 
7Vi(Xr,p(Fq2)) >{q — l){g + 1), where g denotes the genus of Xr,p(Fg2). Let now I 
be a prime which is greater than the maximum order of stabilizers P^, where z G t) 
is a fixed point of P and let p\l. Let ro(0/ be the following subgroup of GL2(Z;): 

Po(Oi-|(" \\eGL2{'Li),c=Q{modl) 

Suppose that I splits completely in L. Then there exists an embedding F — > Q/ 
where Q/ denotes the usual Z-adic field, and since B (g)Q Q/ = Af2(Q;), we have a 
natural map: 

Let P; be the inverse map of Tq{1)i in P under (pi. Then P; is a subgroup of P of 
index I. We consider the Shimura curve Xi with 

Xi{C)^Ti\i). 

It admits an integral model over L and so can be defined over L. Hence, its 
reduction Xi^p modulo p is good and it is defined over the residue class field Ol/{p) 
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of p, which is isomorphic to ¥q since p is inert in L. Moreover the supersingular 
Fp-points of Xr,p spht completely in the natural projection 

Thus, the number of the rational points of Xi,p{¥g2) is: 

N,iXi^pi¥q2))>liq-l)ig + l). 

Moreover, since I is greater than the maximum order of a fixed point of F on f). the 
projection iri is unramified and thus by Hurwitz formula, 

gi^l + l{g-l) 

where gi is the genus of Xi (and also of Xi^p). 

Note that since the field L is abelian over Q, there exists an integer N such that 
field L is contained in a cyclotomic extension Q{Cn) where (^n denotes a primitive 
root of unity with minimal polynomial $jv- Let us consider the reduction ^nj^ of 
$jv modulo the prime Ik- Then, the prime Ik is totally split in the integer ring of 
L if and only if the polynomial ^N,ik is totally split in F;^ = Z/Z^Z i.e if and only 
if Fij. contains the Nth roots of unity which is equivalent to N \ Ik — 1- Hence, any 
prime Ik such that //c = 1 mod N is totally split in Q(CAf) and then in L. Since Ik 
runs over primes in an arithmetical progression, the ratio of two consecutive prime 
numbers ^^ = 1 mod N tends to one. 

Then for any real number e > 0, there exists an integer fco such that for any 
integer k > ko, Ik+i < (1 + e)/fc where Ik and Ik+i are two consecutive prime 
numbers congruent to one modulo TV. Then there exists an integer Ug such that for 
any integer n > n^, the integer fc, such that the two following inequalities hold 

lk+i{q-l){g+l)>2n + 2gi^^^-2 

and 

lk{q-l){g+l)<2n + 2gi,~2, 

satisfies fc > fco where gi. — I + li{g — 1) for any integer i. Let us consider the 
algebraic function field Ffc/Fq2 defined over the finite field Fq2 associated to the 
Shimura curve Xi^ of genus g/^ . Let Ni{Fk /¥ ^2) be the number of places of degree 
iofi^fc/F,2. TheniVi(i^fc+i)/Fq2) > lk+i{q-l)ig+l) > 2n+2gi^^^-2 where g is the 
genus of the Shimura curve Xr^pifq^). Moreover, it is known that there exists an 
integer no such that for any integer n > no, Nn{Fk+i/¥q2) > 0. Consequently, for 
any integer n > max(n£, no) this algebraic function field Fk+i/¥g2 satisfies Theorem 
[S;i]andso/z,2(n) < 2n + gi^^-^-l < 2n + lk+i{g-l) < 2n+{l + e)lk{g-l) withlk < 
, _.w i3i')_2f _i) ■ Thus, for any real number e > and for any n > max(n(:,no), 

{q-l)(g+l)-2(g-l) ^''''^'' S^^^= ^"<Z" - ^ {"^ ^ q 



we obtain ^,2 (n) < 2n + r„^u[lX'il'-2{'g-i) ^^^i^h gives Mq2 < 2 ( 1 + -^ j . D 



Proposition 4.21. Let q = p™ be a prime power with odd m such that q > 5 . 
Then 

Mo < 3 ( f 



''--\' ■ q-3 

Proof. It is sufhcient to consider the same families of curves that in Proposition 
14.201 These families of curves Xk are defined over the residue class field of p which 
is isomorphic to ¥q. Hence, we can consider the associated algebraic function 
fields Fk/¥q defined over F,. If 9 == p, we have Ni{Fk+i/¥p2) = NiiFk+i/¥p) + 
2N2{Fk+i/¥p) > (p-I)(?fc+i + I) > 2n+2?fc+i-2 since ^fc+i/Fp2 = Fk+i/¥p®w¥p2. 
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Then, for any real number e > and for any integer n sufficiently large, we have 
fip{n) < 3n + 3gi^^^ < 3n + 3(f + e)lk by Theorem [32] since iV„(Ffc+i/Fg2) > 0. 

Then, by using the condition /^ < -^ — ^^ , we obtain Mp < 3 ( 1 + -^ ) . If 
q - p" with odd m, we have iVi(Ffe+i/F,2) = A^i(Ffe+i/F,) + 2iV2(Ffe+i/F,) > 
?fc+i(g-l)(5 + l) >2n+2g,,^^-2sinceffc+i/F,2 = Fk+i/¥g®T^^¥g2. Then, for any 
real number e > and for any integer n sufBciently large as in Proof 3201 we have 
^lg{n) < 3n+3gi^^, < 3n+3(l+e)/fe by TheoremEHsince Af„(Ffc+i/F,2) > 0. Then, 

by using the condition Ik < , _]^w i?n_2( -d ^^ obtain Mq < 3 ( 1 + ^-§-3 ) . D 

Proposition 4.22. 

M2 < 13.5. 

Proof. Let q = p™ = 4. We also use the Shimura curves. Let L = Q(Vd) be a 
totally real quadratic number field such that d = I mod 8. Then the prime p = 2 
is totally split in L and so the residue class field Ol/{p) of p, where Ol denotes 
the ring of integers of L, is isomorphic to the finite field F2. Then, let p be a prime 
of L which does not divide p and let S be a quaternion algebra for which 

where H is the skew field of Hamilton quaternions. Let B be also unramified outside 
infinity and p. Then, over L one can define the Shimura curve by its complex points 
Xr{C) — r\[), where f) is the Poincare upper half-plane and F is the group of units 
of a maximal order O oi B with totally positive norm modulo its center. Hence, 
the considered Shimura curve admits an integral model over L and it is well known 
that its reduction Xr,p(Fp2Tn ) modulo p is good and is defined over the residue class 
field Ol/(p) of p = 2, which is isomorphic to F2 since p = 2 is totally split in 
L. Moreover, by [53], the number Ni{XY^p(¥q-i) of Fg2 -points of Xy-^p is such that 
iVi(Xr^p(Fq2)) > (g — l){g + 1), where g denotes the genus of Xr_p(Fq2). Let now I 
be a prime which is greater than the maximum order of stabilizers F^ , where z G f) 
is a fixed point of F and let p\l. Let Fo(Z)/ be the following subgroup of GL2(Z/): 

FoW/^K^ J ) eGL2(ZO,c = 0(morfO 

Suppose that I splits completely in L. Then there exists an embedding F — > Q/ 
where Q/ denotes the usual Z-adic field, and since B (g)Q Q/ — M2(Q;); we have a 
natural map: 

(j)i ■.T^GL2{1i). 
Let F; be the inverse map of Fo(/)/ in F under (pi. Then F; is a subgroup of F of 
index I. We consider the Shimura curve Xi with 

Xj(C)=F,\f)- 
It admits an integral model over L and so can be defined over L. Hence, its reduction 
Xi^p modulo p = 2 is good and it is defined over the residue class field Ol/{p) of 
p = 2, which is isomorphic to F2 since p = 2 is totally split in L. Moreover the 
supersingular F^-points of X^.p split completely in the natural projection 

TTi : Xi^p —7' Xt^p- 
Thus, the number of the rational points of X;_p(F^2) is: 

Ni{Xi^p{¥q.))>l[q-l)[g + l). 
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Moreover, since I is greater than the maximum order of a fixed point of F on I], the 
projection tti is unramified and thus by Hurwitz formula, 

5, = 1 + ^5-1) 

where gi is the genus of Xi (and also of Xi^p). Note that since the field L is abelian 
over Q, there exists an integer TV such that field L is contained in a cyclotomic 
extension Q{Cn) where C^r denotes a primitive root of the unity with minimal 
polynomial $Ar. Let us consider the reduction ^n.i^ '^^ ^n modulo the prime 
Ik- Then, the prime l^. is totally split in the integer ring of L if and only if the 
polynomial ^N.h is totally split in F/^, = Z//feZ i.e if and only if F/^ contains the 
Nth roots of the unity which is equivalent to N \ l^ — I. Hence, any prime l^ such 
that Ik = 1 mod N is totally split in Q{(n) and then in L. Since Ik runs over 
primes in an arithmetical progression, the ratio of two consecutive prime numbers 
Zfe = 1 mod N tends to one. Then for any real number e > 0, there exists an 
integer ko such that for any integer k > ko, h+i < (1 + e)^fc where Ik and ^^+1 
are two consecutive prime numbers congruent to one modulo N. Then there exists 
an integer n^ such that for any integer n > n^, the integer k, such that the two 
following inequalities hold 

lk+i{q-l){g+l)>2n + 2gi,^,+6 

and 

lk{q-l)ig+l)<2n + 2gi,+6, 

satisfies fc>fco where gi. = 1 + li(g — I) for any integer i. 

Let us consider the algebraic function field Fk/^2 defined over the finite field F2 
associated to the Shimura curve Xi^ of genus gi^,. Let Ni{Fk/¥t) be the number 
of places of degree i of Fk/¥t where t is a prime power. Then, since Fk+i/¥q2 = 
Fk+i/¥2^r,Vg2 for q ^ A.wehave Ni{Fk+i/¥g2) ^ Ni{Fk+i/¥2)+2N2iFk+i/¥2) + 
4:Ni{Fk+i/¥2) > h+iiq - l)(.g +1) > 2n + 2gi^^^ + 6 where g is the genus of the 
Shimura curve Xr,p(¥g2). Moreover, it is known that there exists an integer no 
such that for any integer n > uq, Nn{Fk+i /¥ ^2) > 0. Consequently, for any integer 
n > max(rie,no) this algebraic function field Fk+i/¥2 satisfies Theorem 3.2 in [12] 
andsoAi2N < |(n + .9,,^,+5) < |(n + /fc+i(g-l)+6) < ^n+{l + e)lkig-l)) + 27 
with h. < 7 — TT7 — "it „, — TT- Thus, for any real number e > and for any n > 

max(ne,no), we obtain /12H < f (n + 2n^^ + ^) + 27 < |(1 + 2(1 + e))n + 63 
which gives M2 < 13, 5. D 
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